diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 573b225d..ea19e833 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @kvaps
+* @kvaps @lllamnyp
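Review bot: adding `@lllamnyp` to the `*` rule in `.github/CODEOWNERS` gives a second account review authority over every path in the repository, and that governance change is bundled with a patch that otherwise only renames URLs and import paths. Consider landing it as its own commit so the ownership change is easy to find in history. Also confirm that branch protection on the default branch requires code-owner review, because without that setting this line only changes who gets a review request.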
diff --git a/ADOPTERS.md b/ADOPTERS.md
index 694ba3b0..80dbbce1 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -13,8 +13,8 @@ but it means a lot to us.
To add your organization to this list, you can either:
-- [open a pull request](https://github.com/aenix-io/cozystack/pulls) to directly update this file, or
-- [edit this file](https://github.com/aenix-io/cozystack/blob/main/ADOPTERS.md) directly in GitHub
+- [open a pull request](https://github.com/cozystack/cozystack/pulls) to directly update this file, or
+- [edit this file](https://github.com/cozystack/cozystack/blob/main/ADOPTERS.md) directly in GitHub
Feel free to ask in the Slack chat if you any questions and/or require
assistance with updating this list.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2ca9e9ef..95d3be0e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -23,7 +23,7 @@ We welcome many types of contributions including:
* New features
* Builds, CI/CD
* Bug fixes
-* [Documentation](https://github.com/aenix-io/cozystack-website/tree/main)
+* [Documentation](https://github.com/cozystack/cozystack-website/tree/main)
* Issue Triage
* Answering questions on Slack or Github Discussions
* Web design
diff --git a/Makefile b/Makefile
index 1126c917..d3f14e72 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,7 @@ build:
make -C packages/system/cozystack-controller image
make -C packages/system/cilium image
make -C packages/system/kubeovn image
+ make -C packages/system/kubeovn-webhook image
make -C packages/system/dashboard image
make -C packages/system/kamaji image
make -C packages/system/bucket image
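Review bot: the added `make -C packages/system/kubeovn-webhook image` line in the `build` target introduces a new image build that has nothing to do with the `aenix-io` to `cozystack` renames in the rest of this patch. Please call the webhook out in the commit message or split it into its own change. Also make sure `packages/system/kubeovn-webhook` arrives with a Makefile that defines an `image` target in the same change, otherwise `make build` fails at this line.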
diff --git a/README.md b/README.md
index 6cd02fbe..205114c3 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,11 @@

[](https://opensource.org/)
-[](https://opensource.org/licenses/)
-[](https://aenix.io/contact-us/#meet)
-[](https://aenix.io/cozystack/)
-[](https://github.com/aenix-io/cozystack)
-[](https://github.com/aenix-io/cozystack)
+[](https://opensource.org/licenses/)
+[](https://cozystack.io/support/)
+[](https://github.com/cozystack/cozystack)
+[](https://github.com/cozystack/cozystack/releases/latest)
+[](https://github.com/cozystack/cozystack/graphs/contributors)
# Cozystack
@@ -42,21 +42,21 @@ If you encounter any difficulties, start with the [troubleshooting guide](https:
## Versioning
Versioning adheres to the [Semantic Versioning](http://semver.org/) principles.
-A full list of the available releases is available in the GitHub repository's [Release](https://github.com/aenix-io/cozystack/releases) section.
+A full list of the available releases is available in the GitHub repository's [Release](https://github.com/cozystack/cozystack/releases) section.
-- [Roadmap](https://github.com/orgs/aenix-io/projects/2)
+- [Roadmap](https://cozystack.io/docs/roadmap/)
## Contributions
Contributions are highly appreciated and very welcomed!
-In case of bugs, please, check if the issue has been already opened by checking the [GitHub Issues](https://github.com/aenix-io/cozystack/issues) section.
+In case of bugs, please, check if the issue has been already opened by checking the [GitHub Issues](https://github.com/cozystack/cozystack/issues) section.
In case it isn't, you can open a new one: a detailed report will help us to replicate it, assess it, and work on a fix.
You can express your intention in working on the fix on your own.
Commits are used to generate the changelog, and their author will be referenced in it.
-In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/aenix-io/cozystack/discussions/categories/feature-requests).
+In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/cozystack/cozystack/discussions/categories/feature-requests).
You can join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack).
@@ -67,8 +67,4 @@ The code is provided as-is with no warranties.
## Commercial Support
-[**Ænix**](https://aenix.io) offers enterprise-grade support, available 24/7.
-
-We provide all types of assistance, including consultations, development of missing features, design, assistance with installation, and integration.
-
-[Contact us](https://aenix.io/contact/)
+A list of companies providing commercial support for this project can be found on [official site](https://cozystack.io/support/).
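Review bot: the sentence added under `## Commercial Support` is missing an article before the link text ("can be found on [official site]"). Suggest "can be found on the [official site](https://cozystack.io/support/)".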
diff --git a/api/api-rules/cozystack_api_violation_exceptions.list b/api/api-rules/cozystack_api_violation_exceptions.list
index 5c65e849..1092b88b 100644
--- a/api/api-rules/cozystack_api_violation_exceptions.list
+++ b/api/api-rules/cozystack_api_violation_exceptions.list
@@ -1,4 +1,4 @@
-API rule violation: list_type_missing,github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
+API rule violation: list_type_missing,github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource
diff --git a/cmd/cozystack-api/main.go b/cmd/cozystack-api/main.go
index 5c743da1..b78edcb0 100644
--- a/cmd/cozystack-api/main.go
+++ b/cmd/cozystack-api/main.go
@@ -19,7 +19,7 @@ package main
import (
"os"
- "github.com/aenix-io/cozystack/pkg/cmd/server"
+ "github.com/cozystack/cozystack/pkg/cmd/server"
genericapiserver "k8s.io/apiserver/pkg/server"
"k8s.io/component-base/cli"
)
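Review bot: the import changed to `github.com/cozystack/cozystack/pkg/cmd/server` in `cmd/cozystack-api/main.go` only resolves if the `module` directive in `go.mod` is changed to `github.com/cozystack/cozystack` in the same commit, and that file is not among the hunks shown here. Please confirm it is part of this change. The same applies to the three imports rewritten in `cmd/cozystack-controller/main.go`.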
diff --git a/cmd/cozystack-controller/main.go b/cmd/cozystack-controller/main.go
index 04befbfa..22471047 100644
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -36,9 +36,9 @@ import (
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
"sigs.k8s.io/controller-runtime/pkg/webhook"
- cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
- "github.com/aenix-io/cozystack/internal/controller"
- "github.com/aenix-io/cozystack/internal/telemetry"
+ cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
+ "github.com/cozystack/cozystack/internal/controller"
+ "github.com/cozystack/cozystack/internal/telemetry"
// +kubebuilder:scaffold:imports
)
diff --git a/dashboards/clickhouse/altinity-clickhouse-operator-dashboard.json b/dashboards/clickhouse/altinity-clickhouse-operator-dashboard.json
new file mode 100644
index 00000000..7e19bad5
--- /dev/null
+++ b/dashboards/clickhouse/altinity-clickhouse-operator-dashboard.json
@@ -0,0 +1,5407 @@
+{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": {
+ "type": "datasource",
+ "uid": "grafana"
+ },
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "enable": true,
+ "expr": "ALERTS{app=~\"clickhouse-operator|zookeeper\"}",
+ "hide": false,
+ "iconColor": "rgba(255, 96, 96, 1)",
+ "limit": 100,
+ "name": "prometheus alerts",
+ "showIn": 0,
+ "step": "30s",
+ "tagKeys": "chi,pod_name,hostname,exported_namespace,namespace",
+ "tags": [],
+ "textFormat": "{{alertstate}}",
+ "titleFormat": "{{alertname}}",
+ "type": "tags"
+ }
+ ]
+ },
+ "description": "Alitinity Clickhouse Operator metrics exported by Monitoring Agent",
+ "editable": true,
+ "fiscalYearStartMonth": 0,
+ "graphTooltip": 1,
+ "id": 229,
+ "links": [],
+ "panels": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "hidden",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 22,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "smooth",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "log": 2,
+ "type": "log"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "min": 43,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": null
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Time"
+ },
+ "properties": [
+ {
+ "id": "custom.axisPlacement",
+ "value": "auto"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 10,
+ "x": 0,
+ "y": 0
+ },
+ "id": 15,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
+ "expr": "sort(avg by (hostname)(chi_clickhouse_metric_Uptime{chi=~\"$chi\",hostname=~\"$hostname\"})) OR on () vector(0)",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{hostname}}",
+ "metric": "chi_clickhouse_metric_Uptime",
+ "range": true,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "Uptime (logarithmic)",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Clickhouse operator metrics-exporter fails when grab metrics from clickhouse-server\n\nPlease look pods status\n\nkubectl get pods --all-namespaces | grep clickhouse",
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 2,
+ "w": 3,
+ "x": 10,
+ "y": 0
+ },
+ "id": 47,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "metric_fetch_errors",
+ "url": "https://github.com/Altinity/clickhouse-operator/search?q=metric_fetch_errors"
+ }
+ ],
+ "maxDataPoints": 100,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showPercentChange": false,
+ "textMode": "auto",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum(chi_clickhouse_metric_fetch_errors{chi=~\"$chi\",hostname=~\"$hostname\",fetch_type=\"system.metrics\"})",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "Failed Pods",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "For example, version 11.22.33 is translated to 11022033",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "hidden",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 3,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "locale"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byType",
+ "options": "time"
+ },
+ "properties": [
+ {
+ "id": "custom.axisPlacement",
+ "value": "auto"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 7,
+ "x": 13,
+ "y": 0
+ },
+ "id": 17,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
+ "expr": "sort_desc(max by (hostname) (chi_clickhouse_metric_VersionInteger{chi=~\"$chi\",hostname=~\"$hostname\"}))",
+ "intervalFactor": 2,
+ "legendFormat": "{{hostname}}",
+ "metric": "chi_clickhouse_metric_VersionInteger",
+ "range": true,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "Version",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 2,
+ "x": 20,
+ "y": 0
+ },
+ "id": 56,
+ "options": {
+ "colorMode": "none",
+ "graphMode": "none",
+ "justifyMode": "center",
+ "orientation": "horizontal",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showPercentChange": false,
+ "textMode": "value_and_name",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "prometheus"
+ },
+ "editorMode": "code",
+ "expr": "max(chi_clickhouse_metric_NumberOfTables{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "instant": false,
+ "legendFormat": "Tables",
+ "range": true,
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "prometheus"
+ },
+ "editorMode": "code",
+ "expr": "max(chi_clickhouse_metric_NumberOfDatabases{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "hide": false,
+ "instant": false,
+ "legendFormat": "Databases",
+ "range": true,
+ "refId": "B"
+ }
+ ],
+ "title": "",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "#265d1fd9",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Value"
+ },
+ "properties": [
+ {
+ "id": "mappings",
+ "value": [
+ {
+ "options": {
+ "pattern": "(\\d\\d)(?:00(\\d)|0(\\d\\d)|(\\d\\d\\d))0*(.*)",
+ "result": {
+ "index": 0,
+ "text": "$1.$2$3$4.$5"
+ }
+ },
+ "type": "regex"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 2,
+ "x": 22,
+ "y": 0
+ },
+ "id": 62,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "center",
+ "orientation": "auto",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "/^Version$/",
+ "values": false
+ },
+ "showPercentChange": false,
+ "text": {},
+ "textMode": "value_and_name",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": true,
+ "expr": "max(chi_clickhouse_metric_VersionInteger{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "Version",
+ "metric": "chi_clickhouse_metric_VersionInteger",
+ "range": true,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "",
+ "transformations": [
+ {
+ "id": "renameByRegex",
+ "options": {
+ "regex": "chi-(.*)\\.svc\\.cluster\\.local",
+ "renamePattern": "$1"
+ }
+ },
+ {
+ "id": "convertFieldType",
+ "options": {
+ "conversions": [
+ {
+ "destinationType": "string",
+ "targetField": "Value"
+ }
+ ],
+ "fields": {}
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Check Zookeeper connection, Disk Free space and network interconnection between replicas ASAP",
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 2,
+ "w": 3,
+ "x": 10,
+ "y": 2
+ },
+ "id": 6,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Restore After Failures",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/#recovery-after-failures"
+ },
+ {
+ "targetBlank": true,
+ "title": "Restore After Data Loss",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/#recovery-after-complete-data-loss"
+ }
+ ],
+ "maxDataPoints": 100,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showPercentChange": false,
+ "textMode": "auto",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum(chi_clickhouse_metric_ReadonlyReplica{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "ReadOnly replicas",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show DNS errors and distributed server-server connections failures",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 4
+ },
+ "id": 21,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Manage Distributed tables",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/system#managing-distributed-tables"
+ },
+ {
+ "targetBlank": true,
+ "title": "DNSError",
+ "url": "https://github.com/ClickHouse/ClickHouse/search?q=DNSError"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_NetworkErrors{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "NetworkErrors {{hostname}}",
+ "metric": "chi_clickhouse_event_NetworkErrors",
+ "refId": "A",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DistributedConnectionFailAtAll{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "DistributedConnectionFailAtAll {{hostname}}",
+ "metric": "chi_clickhouse_event_DistributedConnectionFailAtAll",
+ "refId": "B",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DistributedConnectionFailTry{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "DistributedConnectionFailTry {{hostname}}",
+ "metric": "chi_clickhouse_event_DistributedConnectionFailTry",
+ "refId": "C",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DNSError{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "DNSErrors {{hostname}}",
+ "metric": "chi_clickhouse_event_NetworkErrors",
+ "refId": "D",
+ "step": 120
+ }
+ ],
+ "title": "DNS and Distributed Connection Errors",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show readonly and partial shutdown replicas, zookeeer exceptions, zookeeer sessions, zookeeper init requests",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 4
+ },
+ "id": 19,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Recommened Zookeeper Settings",
+ "url": "https://clickhouse.com/docs/en/operations/tips#zookeeper"
+ },
+ {
+ "targetBlank": true,
+ "title": "system.zookeeper",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/zookeeper"
+ },
+ {
+ "targetBlank": true,
+ "title": "Replication details",
+ "url": "https://www.slideshare.net/Altinity/introduction-to-the-mysteries-of-clickhouse-replication-by-robert-hodges-and-altinity-engineering-team"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ReadonlyReplica{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "ReadonlyReplica {{hostname}}",
+ "metric": "chi_clickhouse_metric_ReadonlyReplica",
+ "refId": "D",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ReplicaPartialShutdown{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "ReplicaPartialShutdown {{hostname}}",
+ "metric": "chi_clickhouse_event_ReplicaPartialShutdown",
+ "refId": "E",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ZooKeeperUserExceptions{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": true,
+ "intervalFactor": 2,
+ "legendFormat": "ZooKeeperUserExceptions {{hostname}}",
+ "metric": "chi_clickhouse_event_ZooKeeperUserExceptions",
+ "refId": "B",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ZooKeeperInit{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "ZooKeeperInit {{hostname}}",
+ "metric": "chi_clickhouse_event_ZooKeeperInit",
+ "refId": "A",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_metric_ZooKeeperSession{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "ZooKeeperSession {{hostname}}",
+ "metric": "chi_clickhouse_metric_ZooKeeperSession",
+ "refId": "C",
+ "step": 120
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ZooKeeperHardwareExceptions{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "ZooKeeperHardwareExceptions {{hostname}}",
+ "metric": "chi_clickhouse_event_ZooKeeperUserExceptions",
+ "refId": "F",
+ "step": 120
+ }
+ ],
+ "title": "Replication and ZooKeeper Exceptions",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "delayed query\nNumber of INSERT queries that are throttled due to high number of active data parts for partition in a *MergeTree table.\n\ndelayed blocks\nNumber of times the INSERT of a block to a *MergeTree table was throttled due to high number of active data parts for partition. \n\nrejected blocks\nNumber of times the INSERT of a block to a MergeTree table was rejected with 'Too many parts' exception due to high number of active data parts for partition.\n\n\nplease look\nparts_to_delay_insert\nparts_to_throw_insert\n\nin system.merge_tree_settings table",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 4
+ },
+ "id": 5,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.parts_log",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/part_log"
+ },
+ {
+ "targetBlank": true,
+ "title": "system.merge_tree_settings",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/merge_tree_settings"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_DelayedInserts{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "delayed queries {{hostname}}",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DelayedInserts{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "delayed blocks {{hostname}}",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_RejectedInserts{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "rejected blocks {{hostname}}",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_DistributedFilesToInsert{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "pending distributed files {{ hostname }}",
+ "refId": "D"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_BrokenDistributedFilesToInsert{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "broken distributed files {{ hostname }}",
+ "refId": "E"
+ }
+ ],
+ "title": "Delayed/Rejected/Pending Inserts",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of executing queries",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "axisWidth": 55,
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 29,
+ "gradientMode": "hue",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "stepBefore",
+ "lineWidth": 0,
+ "pointSize": 2,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Overall"
+ },
+ "properties": [
+ {
+ "id": "custom.lineInterpolation",
+ "value": "smooth"
+ },
+ {
+ "id": "custom.fillOpacity",
+ "value": 0
+ },
+ {
+ "id": "custom.lineStyle",
+ "value": {
+ "fill": "solid"
+ }
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 1
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 11
+ },
+ "id": 63,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_concurent_queries",
+ "url": "https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings#max_concurrent_queries"
+ },
+ {
+ "targetBlank": true,
+ "title": "max_execution_time",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#max-execution-time"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "max",
+ "sum"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false,
+ "sortBy": "Max",
+ "sortDesc": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": true,
+ "expr": "max by (hostname) (max_over_time(chi_clickhouse_metric_Query{chi=~\"$chi\",hostname=~\"$hostname\"}[$__interval])-1) OR on () vector(0) > 0",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 1,
+ "legendFormat": "{{hostname}}",
+ "range": true,
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": true,
+ "expr": "sum(chi_clickhouse_metric_Query{chi=~\"$chi\",hostname=~\"$hostname\"}-1) OR on () vector(0)",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 5,
+ "legendFormat": "Overall",
+ "range": true,
+ "refId": "Overall",
+ "step": 10
+ }
+ ],
+ "title": "Queries (running)",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of executing select queries",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "axisWidth": 55,
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 25,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 11
+ },
+ "id": 8,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_concurent_queries",
+ "url": "https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings#max-concurrent-queries"
+ },
+ {
+ "targetBlank": true,
+ "title": "max_execution_time",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#max-execution-time"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
+ "exemplar": true,
+ "expr": "sum(rate(chi_clickhouse_event_SelectQuery{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])) OR on () vector(0)",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "Select",
+ "range": true,
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "title": "Select Queries (started per sec)",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Total amount of memory (bytes) allocated in currently executing queries. \n\nNote that some memory allocations may not be accounted.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 11
+ },
+ "id": 13,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_memory_usage",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#settings_max_memory_usage"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryTracking{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "{{hostname}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "title": "Memory for Queries",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of running INSERT queries. Does not include queries that failed to parse or were rejected due to AST size limits, quota limits or limits on the number of simultaneously running queries. May include internal queries initiated by ClickHouse itself. Does not count subqueries.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 18
+ },
+ "id": 30,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_memory_usage",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#settings_max_memory_usage"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
+ "expr": "irate(chi_clickhouse_event_InsertQuery{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Insert queries {{hostname}}",
+ "range": true,
+ "refId": "C"
+ }
+ ],
+ "title": "Insert Queries (running)",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of executing insert queries",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "axisWidth": 55,
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 25,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 18
+ },
+ "id": 58,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_concurent_queries",
+ "url": "https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings#max_concurrent_queries"
+ },
+ {
+ "targetBlank": true,
+ "title": "max_execution_time",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#max-execution-time"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
+ "exemplar": true,
+ "expr": "sum(rate(chi_clickhouse_event_InsertQuery{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])) OR on () vector(0)",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "Select",
+ "range": true,
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "title": "Insert Queries (started per sec)",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "## Tracks rows of inserted data.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 18
+ },
+ "id": 32,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_memory_usage",
+ "url": "https://clickhouse.com/docs/en/operations/settings/query-complexity#settings_max_memory_usage"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_InsertedRows{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Insert rows {{hostname}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Rows Inserted",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show how intensive data exchange between replicas in parts",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^max.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FFA6B0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^check.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FF9830",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^fetch.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#B877D9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^(data loss|fetch fail|check fail).+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C4162A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^replicated merge.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#DEB6F2",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 25
+ },
+ "id": 3,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "How replication works",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedDataLoss{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "data loss {{hostname}}",
+ "refId": "A",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartChecks{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "check {{hostname}}",
+ "refId": "B",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartChecksFailed{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "check fail {{hostname}}",
+ "refId": "C",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartFetches{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "fetch {{hostname}}",
+ "refId": "D",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartFailedFetches{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "fetch fail {{hostname}}",
+ "refId": "E",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartFetchesOfMerged{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "fetch merged {{hostname}}",
+ "refId": "F",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "irate(chi_clickhouse_event_ReplicatedPartMerges{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "replicated merge {{hostname}}",
+ "refId": "G",
+ "step": 20
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ReplicasSumInsertsInQueue{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "inserts in queue {{hostname}}",
+ "refId": "H"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ReplicasSumMergesInQueue{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "merges in queue {{hostname}}",
+ "refId": "I"
+ }
+ ],
+ "title": "Replication Queue Jobs",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show seconds when replicated servers can be delayed relative to current time, when you insert directly in *ReplicatedMegreTree table on one server clickhouse need time to replicate new parts of data to another servers in same shard in background",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^absolute.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#F2495C",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^relative.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FADE2A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 25
+ },
+ "id": 59,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Replication architecture",
+ "url": "https://clickhouse.com/docs/en/development/architecture#replication"
+ },
+ {
+ "targetBlank": true,
+ "title": "ReplicatedMergeTree engine",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication"
+ },
+ {
+ "targetBlank": true,
+ "title": "max_replica_delay_for_distributed_queries",
+ "url": "https://clickhouse.com/docs/en/operations/settings/settings#settings-max_replica_delay_for_distributed_queries"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ReplicasMaxAbsoluteDelay{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "absolute {{hostname}}",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ReplicasMaxRelativeDelay{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "relative {{hostname}}",
+ "refId": "B",
+ "step": 10
+ }
+ ],
+ "title": "Max Replica Delay",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of requests to ZooKeeper transactions per seconds.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 25
+ },
+ "id": 34,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Replication architecture",
+ "url": "https://clickhouse.com/docs/en/development/architecture#replication"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_ZooKeeperTransactions{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "transactions {{ hostname }}",
+ "refId": "B"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_ZooKeeperRequest{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "hide": true,
+ "legendFormat": "{{ hostname }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Zookeeper Transactions",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show how intensive background merge processes",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 32
+ },
+ "id": 2,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "START/STOP Merges",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/system#stop-merges"
+ },
+ {
+ "targetBlank": true,
+ "title": "MegreTree Engine description",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_Merge{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "merges {{hostname}}",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "title": "Merges",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show how intensive background merge processes",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 32
+ },
+ "id": 36,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "START/STOP Merges",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/system#stop-merges"
+ },
+ {
+ "targetBlank": true,
+ "title": "MegreTree Engine description",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_MergedRows{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "rows {{hostname}}",
+ "refId": "B",
+ "step": 4
+ }
+ ],
+ "title": "Merged Rows",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show how intensive background merge processes",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 32
+ },
+ "id": 49,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "START/STOP Merges",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/system#stop-merges"
+ },
+ {
+ "targetBlank": true,
+ "title": "MegreTree Engine description",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree/"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_MergedUncompressedBytes{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "intervalFactor": 2,
+ "legendFormat": "bytes {{hostname}}",
+ "refId": "B",
+ "step": 4
+ }
+ ],
+ "title": "Merged Uncompressed Bytes",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 39
+ },
+ "id": 23,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.parts",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/parts"
+ },
+ {
+ "targetBlank": true,
+ "title": "parts_to_delay_insert",
+ "url": "https://github.com/ClickHouse/ClickHouse/search?q=parts_to_delay_insert"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum by(hostname) (chi_clickhouse_table_parts{chi=~\"$chi\",hostname=~\"$hostname\",active=\"1\"})",
+ "legendFormat": "Parts {{hostname}}",
+ "refId": "C"
+ }
+ ],
+ "title": "Active Parts",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/.*detached_by_user.*/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#CA95E5",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/.*broken.*/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#E02F44",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/.*(clone|ignored).*/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FFEE52",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Inactive/"
+ },
+ "properties": [
+ {
+ "id": "custom.axisPlacement",
+ "value": "hidden"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 39
+ },
+ "id": 50,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.detached_parts",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/detached_parts/"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum by(hostname,reason) (chi_clickhouse_metric_DetachedParts{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "interval": "",
+ "legendFormat": "{{reason}} {{hostname}} ",
+ "refId": "C"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum by(hostname) (chi_clickhouse_table_parts{chi=~\"$chi\",hostname=~\"$hostname\",active=\"0\"})",
+ "hide": true,
+ "interval": "",
+ "legendFormat": "Inactive {{hostname}} ",
+ "refId": "A"
+ }
+ ],
+ "title": "Detached parts",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Each logical partition defined over `PARTITION BY` contains few physical data \"parts\" ",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 39
+ },
+ "id": 4,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Custom Partitioning Key",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/custom-partitioning-key/"
+ },
+ {
+ "targetBlank": true,
+ "title": "system.parts",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/parts"
+ },
+ {
+ "targetBlank": true,
+ "title": "system.part_log",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/part-log"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MaxPartCountForPartition{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "{{hostname}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "title": "Max Part count for Partition",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Memory size allocated for clickhouse-server process\nAvailable for ClickHouse 20.4+\n\nVIRT \nThe total amount of virtual memory used by the task. It includes all code, data and shared libraries plus pages that have been swapped out.\n\nVIRT = SWAP + RES\n\n\nSWAP -- Swapped size (kb)\nThe swapped out portion of a task's total virtual memory image.\n\nRES -- Resident size (kb)\nThe non-swapped physical memory a task has used.\nRES = CODE + USED DATA.\n\nCODE -- Code size (kb)\nThe amount of physical memory devoted to executable code, also known as the 'text resident set' size or TRS\n\nDATA -- Data+Stack size (kb)\nThe amount of physical memory allocated to other than executable code, also known as the 'data resident set' size or DRS.\n\nSHR -- Shared Mem size (kb)\nThe amount of shared memory used by a task. It simply reflects memory that could be potentially shared with other processes.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 20,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/VIRT.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#73BF69",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/DATA.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C4162A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/CODE.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FF9830",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/RES.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FADE2A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/SHR.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#5794F2",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 46
+ },
+ "id": 46,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Describe Linux Process Memory types",
+ "url": "https://elinux.org/Runtime_Memory_Measurement"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryCode{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "CODE {{ hostname }}",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryResident{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "RES {{ hostname }}",
+ "refId": "B"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryShared{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "SHR {{ hostname }}",
+ "refId": "C"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryDataAndStack{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "DATA {{ hostname }}",
+ "refId": "D"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryVirtual{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "VIRT {{ hostname }}",
+ "refId": "E"
+ }
+ ],
+ "title": " clickhouse-server Process Memory",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Memory size allocated for primary keys",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 46
+ },
+ "id": 45,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "How to choose right primary key",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#selecting-the-primary-key"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryPrimaryKeyBytesAllocated{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "{{ hostname }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Primary Keys Memory",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Memory size allocated for dictionaries",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 46
+ },
+ "id": 43,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.dictionaries",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/dictionaries"
+ },
+ {
+ "targetBlank": true,
+ "title": "CREATE DICTIONARY",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/create/dictionary"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MemoryDictionaryBytesAllocated{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "{{ hostname }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Dictionary Memory",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "shows how much space available in the kubernetes pod\n\nbe careful with multiple volumes configuration, kubernetes volume claims and S3 as storage backend",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "max": 1,
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percentunit"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 53
+ },
+ "id": 39,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.disks",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/disks/"
+ },
+ {
+ "targetBlank": true,
+ "title": "Multiple Disk Volumes",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#table_engine-mergetree-multiple-volumes"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_DiskFreeBytes{chi=~\"$chi\",hostname=~\"$hostname\"} / chi_clickhouse_metric_DiskTotalBytes{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "{{ disk }} {{hostname}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Disk Space Free",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "align": "auto",
+ "cellOptions": {
+ "type": "auto"
+ },
+ "filterable": true,
+ "inspect": false
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Bytes"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "decbytes"
+ },
+ {
+ "id": "custom.cellOptions",
+ "value": {
+ "mode": "gradient",
+ "type": "gauge"
+ }
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "continuous-BlPu"
+ }
+ },
+ {
+ "id": "custom.width",
+ "value": 233
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Rows"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ },
+ {
+ "id": "custom.width",
+ "value": 118
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "database"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 199
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "table"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 238
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Parts"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 101
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "BytePerRow"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 120
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 14,
+ "w": 16,
+ "x": 8,
+ "y": 53
+ },
+ "id": 61,
+ "options": {
+ "cellHeight": "sm",
+ "footer": {
+ "countRows": false,
+ "fields": "",
+ "reducer": [
+ "sum"
+ ],
+ "show": true
+ },
+ "frameIndex": 2,
+ "showHeader": true,
+ "sortBy": [
+ {
+ "desc": true,
+ "displayName": "Bytes"
+ }
+ ]
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": false,
+ "expr": "sum by (database, table) (chi_clickhouse_table_parts_bytes{chi=~\"$chi\",hostname=~\"$hostname\", active=\"1\"})",
+ "format": "table",
+ "hide": false,
+ "instant": true,
+ "interval": "",
+ "legendFormat": "Bytes",
+ "refId": "Bytes"
+ },
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": false,
+ "expr": "sum by (database, table) (chi_clickhouse_table_parts_rows{chi=~\"$chi\",hostname=~\"$hostname\", active=\"1\"})",
+ "format": "table",
+ "hide": false,
+ "instant": true,
+ "interval": "",
+ "legendFormat": "Rows",
+ "refId": "Rows"
+ },
+ {
+ "datasource": "${DS_PROMETHEUS}",
+ "editorMode": "code",
+ "exemplar": false,
+ "expr": "sum by (database, table) (chi_clickhouse_table_parts{chi=~\"$chi\",hostname=~\"$hostname\", active=\"1\"})",
+ "format": "table",
+ "hide": false,
+ "instant": true,
+ "interval": "",
+ "legendFormat": "Parts",
+ "refId": "Parts"
+ }
+ ],
+ "title": "Table Stats",
+ "transformations": [
+ {
+ "id": "merge",
+ "options": {}
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true
+ },
+ "indexByName": {},
+ "renameByName": {
+ "Value #Bytes": "Bytes",
+ "Value #Parts": "Parts",
+ "Value #Rows": "Rows"
+ }
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "BytePerRow",
+ "binary": {
+ "left": "Bytes",
+ "operator": "/",
+ "reducer": "sum",
+ "right": "Rows"
+ },
+ "mode": "binary",
+ "reduce": {
+ "reducer": "sum"
+ }
+ }
+ }
+ ],
+ "type": "table"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Total data size for all ClickHouse *MergeTree tables\n\n",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 60
+ },
+ "id": 41,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "system.parts",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/parts"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_DiskDataBytes{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "legendFormat": "{{ hostname }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Clickhouse Data size on Disk",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "BackgroundPoolTask\t\n---\nNumber of active tasks in BackgroundProcessingPool (merges, mutations, fetches, or replication queue bookkeeping)\n\n\nBackgroundMovePoolTask\n---\nNumber of active tasks in BackgroundProcessingPool for moves\n\n\nBackgroundSchedulePoolTask\t\n---\nA number of active tasks in BackgroundSchedulePool. This pool is used for periodic ReplicatedMergeTree tasks, like cleaning old data parts, altering data parts, replica re-initialization, etc.",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 67
+ },
+ "id": 9,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "FETCH PARTITION",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/alter/partition#fetch-partitionpart"
+ },
+ {
+ "targetBlank": true,
+ "title": "Mutations of data",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/alter#mutations"
+ },
+ {
+ "targetBlank": true,
+ "title": "Data TTL",
+ "url": "https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#table_engine-mergetree-ttl"
+ },
+ {
+ "targetBlank": true,
+ "title": "MOVE PARTITION",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/alter/partition#move-partitionpart"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_BackgroundPoolTask{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "merge, mutate, fetch {{hostname}}",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_BackgroundSchedulePoolTask{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "clean, alter, replica re-init {{hostname}}",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_BackgroundMovePoolTask{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "moves {{hostname}}",
+ "refId": "C",
+ "step": 10
+ }
+ ],
+ "title": "Background Tasks",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Number of active mutations (ALTER DELETE/ALTER UPDATE) and parts to mutate",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 67
+ },
+ "id": 26,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Mutations",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/alter#mutations"
+ },
+ {
+ "targetBlank": true,
+ "title": "system.mutations",
+ "url": "https://clickhouse.com/docs/en/operations/system-tables/mutations"
+ },
+ {
+ "targetBlank": true,
+ "title": "KILL MUTATION",
+ "url": "https://clickhouse.com/docs/en/sql-reference/statements/kill#kill-mutation"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum by (hostname) (chi_clickhouse_table_mutations{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "legendFormat": "mutations {{hostname}}",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "sum by (hostname) (chi_clickhouse_table_mutations_parts_to_do{chi=~\"$chi\",hostname=~\"$hostname\"})",
+ "legendFormat": "parts_to_do {{hostname}}",
+ "refId": "B"
+ }
+ ],
+ "title": "Mutations",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show which percent of mark files (.mrk) read from memory instead of disk",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percentunit"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 67
+ },
+ "id": 11,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "mark_cache_size",
+ "url": "https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings/#server-mark-cache-size"
+ },
+ {
+ "targetBlank": true,
+ "title": "MergeTree architecture",
+ "url": "https://clickhouse.com/docs/en/development/architecture/#merge-tree"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_MarkCacheHits{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) / (irate(chi_clickhouse_event_MarkCacheHits{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) + irate(chi_clickhouse_event_MarkCacheMisses{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]))",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "{{hostname}}",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "title": "Marks Cache Hit Rate",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "The time which CPU spent on various types of activity ",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "µs"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Disk Read.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FF9830",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Disk Write.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#E0B400",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Real Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#73BF69",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^User Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FFF899",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^System Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#F2495C",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS IO Wait.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C4162A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS CPU Wait.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "rgb(95, 29, 29)",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS CPU Virtual.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#B877D9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Network Receive.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C0D8FF",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Network Send.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#8AB8FF",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 74
+ },
+ "id": 51,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_DiskReadElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": true,
+ "legendFormat": "Disk Read syscall {{hostname}}",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_DiskWriteElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": true,
+ "legendFormat": "Disk Write syscall {{hostname}}",
+ "refId": "B"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_NetworkReceiveElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": true,
+ "legendFormat": "Network Receive {{hostname}}",
+ "refId": "C"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_NetworkSendElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": true,
+ "legendFormat": "Network Send {{hostname}}",
+ "refId": "D"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_RealTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Real Time {{hostname}}",
+ "refId": "E"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_UserTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "User Time {{hostname}}",
+ "refId": "F"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_SystemTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "System Time {{hostname}}",
+ "refId": "G"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_OSIOWaitMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS IO Wait {{hostname}}",
+ "refId": "H"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_OSCPUWaitMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS CPU Wait {{hostname}}",
+ "refId": "I"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_OSCPUVirtualTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS CPU Virtual {{hostname}}",
+ "refId": "J"
+ }
+ ],
+ "title": "CPU Time per second",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "The time which CPU spent on various types of activity ",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "µs"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Disk Read.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FF9830",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Disk Write.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#E0B400",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Real Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#73BF69",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^User Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#FFF899",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^System Time.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#F2495C",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS IO Wait.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C4162A",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS CPU Wait.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "rgb(95, 29, 29)",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^OS CPU Virtual.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#B877D9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Network Receive.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#C0D8FF",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/^Network Send.+/"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#8AB8FF",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 74
+ },
+ "id": 54,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_DiskReadElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "legendFormat": "Disk Read syscall {{hostname}}",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_DiskWriteElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "legendFormat": "Disk Write syscall {{hostname}}",
+ "refId": "B"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_NetworkReceiveElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "legendFormat": "Network Receive {{hostname}}",
+ "refId": "C"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "irate(chi_clickhouse_event_NetworkSendElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "hide": false,
+ "legendFormat": "Network Send {{hostname}}",
+ "refId": "D"
+ }
+ ],
+ "title": "Network / Disk CPU Time per second",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "opacity",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 74
+ },
+ "id": 55,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "exemplar": true,
+ "expr": "chi_clickhouse_metric_LoadAverage1{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "hide": false,
+ "interval": "",
+ "legendFormat": "{{hostname}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Load Average 1m",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "The time which CPU spent on various types of activity total for the selected period",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ }
+ },
+ "mappings": [],
+ "unit": "µs"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 16,
+ "x": 0,
+ "y": 81
+ },
+ "id": 52,
+ "interval": "1m",
+ "options": {
+ "legend": {
+ "displayMode": "list",
+ "placement": "right",
+ "showLegend": true
+ },
+ "pieType": "pie",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DiskReadElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Disk Read syscall {{hostname}}",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DiskWriteElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Disk Write syscall {{hostname}}",
+ "refId": "B"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_NetworkReceiveElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Network Receive {{hostname}}",
+ "refId": "C"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_NetworkSendElapsedMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Network Send {{hostname}}",
+ "refId": "D"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_RealTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Real Time {{hostname}}",
+ "refId": "E"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_UserTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "User Time {{hostname}}",
+ "refId": "F"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_SystemTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "System Time {{hostname}}",
+ "refId": "G"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_OSIOWaitMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS IO Wait {{hostname}}",
+ "refId": "H"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_OSCPUWaitMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS CPU Wait {{hostname}}",
+ "refId": "I"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_OSCPUVirtualTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "OS CPU Virtual {{hostname}}",
+ "refId": "J"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ThrottlerSleepMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Throttler Sleep {{hostname}}",
+ "refId": "K"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_DelayedInsertsMilliseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) * 1000",
+ "legendFormat": "Delayed Insert {{hostname}}",
+ "refId": "L"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_ZooKeeperWaitMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Zookeeper Wait {{hostname}}",
+ "refId": "M"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_CompileExpressionsMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Compile Expressions {{hostname}}",
+ "refId": "N"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_MergesTimeMilliseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) * 1000",
+ "legendFormat": "Merges {{hostname}}",
+ "refId": "O"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_RWLockReadersWaitMilliseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) * 1000",
+ "legendFormat": "RWLock Reader Wait {{hostname}}",
+ "refId": "P"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_RWLockWritersWaitMilliseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m]) * 1000",
+ "legendFormat": "RWLock Writer Wait {{hostname}}",
+ "refId": "Q"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_SelectQueryTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Select Query {{hostname}}",
+ "refId": "R"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_InsertQueryTimeMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "Insert Query {{hostname}}",
+ "refId": "S"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_S3ReadMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "S3 Read {{hostname}}",
+ "refId": "T"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "increase(chi_clickhouse_event_S3WriteMicroseconds{chi=~\"$chi\",hostname=~\"$hostname\"}[1m])",
+ "legendFormat": "S3 Write {{hostname}}",
+ "refId": "U"
+ }
+ ],
+ "title": "CPU Time total",
+ "type": "piechart"
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "description": "Show different types of connections for each server",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "stepAfter",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 81
+ },
+ "id": 48,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "max_connections",
+ "url": "https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings#max-connections"
+ },
+ {
+ "targetBlank": true,
+ "title": "max_distributed_connections",
+ "url": "https://clickhouse.com/docs/en/operations/settings/settings#max-distributed-connections"
+ },
+ {
+ "targetBlank": true,
+ "title": "MySQL Protocol",
+ "url": "https://clickhouse.com/docs/en/interfaces/mysql/"
+ },
+ {
+ "targetBlank": true,
+ "title": "HTTP Protocol",
+ "url": "https://clickhouse.com/docs/en/interfaces/http/"
+ },
+ {
+ "targetBlank": true,
+ "title": "Native Protocol",
+ "url": "https://clickhouse.com/docs/en/interfaces/tcp/"
+ }
+ ],
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_TCPConnection{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "tcp {{hostname}}",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_HTTPConnection{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "http {{hostname}}",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_InterserverConnection{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "interserver {{hostname}}",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "datasource": {
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "expr": "chi_clickhouse_metric_MySQLConnection{chi=~\"$chi\",hostname=~\"$hostname\"}",
+ "intervalFactor": 2,
+ "legendFormat": "mysql {{hostname}}",
+ "refId": "D",
+ "step": 10
+ }
+ ],
+ "title": "Connections",
+ "type": "timeseries"
+ }
+ ],
+ "preload": false,
+ "refresh": "1m",
+ "schemaVersion": 40,
+ "tags": [],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "vm-shortterm",
+ "value": "24b0d575-0cea-474c-a4eb-c225d250858d"
+ },
+ "includeAll": false,
+ "name": "DS_PROMETHEUS",
+ "options": [],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "definition": "label_values({__name__ =~ \"chi_clickhouse_metric_Uptime|chi_clickhouse_metric_fetch_errors\"}, chi)",
+ "includeAll": true,
+ "label": "Cluster",
+ "multi": true,
+ "name": "chi",
+ "options": [],
+ "query": {
+ "query": "label_values({__name__ =~ \"chi_clickhouse_metric_Uptime|chi_clickhouse_metric_fetch_errors\"}, chi)",
+ "refId": "StandardVariableQuery"
+ },
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "type": "query"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "definition": "label_values({__name__ =~ \"chi_clickhouse_metric_Uptime|chi_clickhouse_metric_fetch_errors\",chi=~\"$chi\"}, hostname)",
+ "includeAll": true,
+ "label": "Server",
+ "multi": true,
+ "name": "hostname",
+ "options": [],
+ "query": {
+ "query": "label_values({__name__ =~ \"chi_clickhouse_metric_Uptime|chi_clickhouse_metric_fetch_errors\",chi=~\"$chi\"}, hostname)",
+ "refId": "StandardVariableQuery"
+ },
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "type": "query"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-30m",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Altinity ClickHouse Operator Dashboard",
+ "uid": "clickhouse-operator",
+ "version": 4,
+ "weekStart": ""
+}
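Review bot: the `DS_PROMETHEUS` entry under `templating.list` ships a `current` selection exported from one Grafana instance (`"text": "vm-shortterm"`, `"value": "24b0d575-0cea-474c-a4eb-c225d250858d"`), so the committed dashboard carries an environment-specific datasource UID that only resolves where a datasource with that exact UID exists. Drop the `current` block or leave it empty so the variable picks up whichever Prometheus datasource the target install provides. In the "CPU Time total" pie chart (id 52) the description promises the total "for the selected period", but every target is `increase(...[1m])` reduced with `lastNotNull`, so the chart only reflects the last minute; either switch the window to `[$__range]` or reword the description. The overrides in panel 54 for `/^Real Time.+/`, `/^User Time.+/`, `/^System Time.+/` and the three `OS ...` patterns match none of that panel's four targets (Disk Read, Disk Write, Network Receive, Network Send) and can be removed. The `"exemplar": true` flag on the `chi_clickhouse_metric_LoadAverage1` target in panel 55 also looks like export residue, since a plain gauge series has no exemplars to show.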
diff --git a/dashboards/goldpinger/goldpinger.json b/dashboards/goldpinger/goldpinger.json
new file mode 100644
index 00000000..b044acf8
--- /dev/null
+++ b/dashboards/goldpinger/goldpinger.json
@@ -0,0 +1,1219 @@
+{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": {
+ "type": "datasource",
+ "uid": "grafana"
+ },
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "goldpinger",
+ "editable": true,
+ "fiscalYearStartMonth": 0,
+ "graphTooltip": 0,
+ "id": 226,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 21,
+ "panels": [],
+ "title": "Overall Health",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [
+ {
+ "options": {
+ "match": "null",
+ "result": {
+ "text": "N/A"
+ }
+ },
+ "type": "special"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(55, 174, 50, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 31
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 32
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 4,
+ "x": 0,
+ "y": 1
+ },
+ "id": 9,
+ "maxDataPoints": 100,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "horizontal",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "mean"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showPercentChange": false,
+ "textMode": "auto",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "(count(goldpinger_nodes_health_total{status='healthy'}) + count(goldpinger_nodes_health_total{status='unhealthy'})) /2",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "metric": "goldpinger_nodes_health",
+ "refId": "A",
+ "step": 600
+ }
+ ],
+ "title": "Goldpinger Nodes",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [
+ {
+ "options": {
+ "match": "null",
+ "result": {
+ "text": "N/A"
+ }
+ },
+ "type": "special"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(55, 174, 50, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 1
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 2
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 4,
+ "x": 4,
+ "y": 1
+ },
+ "id": 20,
+ "maxDataPoints": 100,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "horizontal",
+ "percentChangeColorMode": "standard",
+ "reduceOptions": {
+ "calcs": [
+ "mean"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showPercentChange": false,
+ "textMode": "auto",
+ "wideLayout": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "sum(increase(goldpinger_errors_total{goldpinger_instance=~\"$instance\"}[30m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "metric": "goldpinger_nodes_health",
+ "refId": "A",
+ "step": 600
+ }
+ ],
+ "title": "Increase in # Errors [30m]",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "custom": {
+ "cellOptions": {
+ "type": "color-text"
+ },
+ "inspect": false
+ },
+ "decimals": 2,
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 1
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 2
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Time"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "time: YYYY-MM-DD HH:mm:ss"
+ },
+ {
+ "id": "custom.align"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 16,
+ "x": 8,
+ "y": 1
+ },
+ "id": 11,
+ "options": {
+ "cellHeight": "sm",
+ "footer": {
+ "countRows": false,
+ "fields": "",
+ "reducer": [
+ "sum"
+ ],
+ "show": false
+ },
+ "showHeader": true
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "sum(goldpinger_nodes_health_total{status='unhealthy'}) by (goldpinger_instance)",
+ "format": "table",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 40
+ }
+ ],
+ "title": "Unhealthy seen by instance",
+ "type": "table"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 9
+ },
+ "id": 12,
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "sum(increase(goldpinger_nodes_health_total{goldpinger_instance=~\"$instance\", status=\"unhealthy\"}[30m])) by (goldpinger_instance)",
+ "format": "time_series",
+ "interval": "5m",
+ "intervalFactor": 1,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "metric": "goldpinger_nodes_health",
+ "refId": "A",
+ "step": 300
+ }
+ ],
+ "title": "Unhealthy nodes increase [30m]",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 6,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "always",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percentunit"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 9
+ },
+ "id": 10,
+ "options": {
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "sum(increase(goldpinger_nodes_health_total{goldpinger_instance=~\"$instance\",status=\"unhealthy\"}[30m])) by (goldpinger_instance) / (sum(increase(goldpinger_nodes_health_total{goldpinger_instance=~\"$instance\",status=\"healthy\"}[30m])) by (goldpinger_instance) + sum(increase(goldpinger_nodes_health_total{goldpinger_instance=~\"$instance\",status=\"unhealthy\"}[30m])) by (goldpinger_instance))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 1,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "metric": "goldpinger_nodes_health",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "title": "% Unhealthy nodes reported",
+ "type": "timeseries"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 17
+ },
+ "id": 22,
+ "panels": [],
+ "title": "Connections to peers",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 0,
+ "y": 18
+ },
+ "id": 6,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.99, sum(rate(goldpinger_peers_response_time_s_bucket{goldpinger_instance=~\"$instance\",call_type=~\"$call_type\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "99% response time from node [30m]",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 8,
+ "y": 18
+ },
+ "id": 16,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.95, sum(rate(goldpinger_peers_response_time_s_bucket{goldpinger_instance=~\"$instance\",call_type=~\"$call_type\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "95% response time from node [30m]",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 16,
+ "y": 18
+ },
+ "id": 17,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.50, sum(rate(goldpinger_peers_response_time_s_bucket{goldpinger_instance=~\"$instance\",call_type=~\"$call_type\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "50% response time from node [30m]",
+ "type": "timeseries"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 28
+ },
+ "id": 23,
+ "panels": [],
+ "title": "Connections to Kubernetes API",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 0,
+ "y": 29
+ },
+ "id": 13,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.99, sum(rate(goldpinger_kube_master_response_time_s_bucket{goldpinger_instance=~\"$instance\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "99% response time from k8s api [30m]",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 8,
+ "y": 29
+ },
+ "id": 18,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.95, sum(rate(goldpinger_kube_master_response_time_s_bucket{goldpinger_instance=~\"$instance\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "95% response time from k8s api [30m]",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "barWidthFactor": 0.6,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 16,
+ "y": 29
+ },
+ "id": 19,
+ "options": {
+ "legend": {
+ "calcs": [
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "11.4.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${datasource}"
+ },
+ "expr": "histogram_quantile(0.50, sum(rate(goldpinger_kube_master_response_time_s_bucket{goldpinger_instance=~\"$instance\"}[30m])) by (goldpinger_instance, le))",
+ "format": "time_series",
+ "interval": "1m",
+ "intervalFactor": 2,
+ "legendFormat": "{{ goldpinger_instance }}",
+ "refId": "A",
+ "step": 120
+ }
+ ],
+ "title": "50% response time from k8s api [30m]",
+ "type": "timeseries"
+ }
+ ],
+ "preload": false,
+ "refresh": "5m",
+ "schemaVersion": 40,
+ "tags": [],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "vm-shortterm",
+ "value": "24b0d575-0cea-474c-a4eb-c225d250858d"
+ },
+ "name": "datasource",
+ "options": [],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "text": "All",
+ "value": [
+ "$__all"
+ ]
+ },
+ "datasource": "24b0d575-0cea-474c-a4eb-c225d250858d",
+ "definition": "",
+ "includeAll": true,
+ "label": "Instance",
+ "multi": true,
+ "name": "instance",
+ "options": [],
+ "query": "label_values(goldpinger_instance)",
+ "refresh": 1,
+ "regex": "",
+ "type": "query"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "text": "All",
+ "value": [
+ "$__all"
+ ]
+ },
+ "datasource": "24b0d575-0cea-474c-a4eb-c225d250858d",
+ "definition": "",
+ "includeAll": true,
+ "label": "Call Type",
+ "multi": true,
+ "name": "call_type",
+ "options": [],
+ "query": "label_values(call_type)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "type": "query"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "browser",
+ "title": "Cluster: Goldpinger",
+ "uid": "8eYxJNhZk",
+ "version": 2,
+ "weekStart": ""
+}
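Review bot: the `templating.list` entries for `instance` and `call_type` pin `"datasource": "24b0d575-0cea-474c-a4eb-c225d250858d"`, and the `datasource` variable's `current` block carries the same UID with the text `vm-shortterm`. The variable queries are therefore bound to one specific Grafana installation, while the panels visible here resolve their data source through `${datasource}`. On an instance where that UID does not exist, the Instance and Call Type dropdowns will fail to populate even when the panels themselves can load. Point both query variables at `${datasource}` the way the panel targets do, and drop the exported `current` value from the `datasource` variable. Separately, `label_values(call_type)` is not scoped to a metric, so it returns that label from every series in the data source; scoping it to one of the goldpinger metrics would keep the list relevant and the variable query cheaper.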
diff --git a/dashboards/storage/linstor.json b/dashboards/storage/linstor.json
new file mode 100644
index 00000000..be81abb8
--- /dev/null
+++ b/dashboards/storage/linstor.json
@@ -0,0 +1,2193 @@
+{
+ "__inputs": [],
+ "__requires": [],
+ "annotations": {
+ "list": []
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 33,
+ "panels": [],
+ "title": "LINSTOR",
+ "type": "row"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "max": 100,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percent"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 18,
+ "x": 0,
+ "y": 1
+ },
+ "id": 41,
+ "options": {
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true,
+ "text": {}
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "((sum by (storage_pool)(linstor_storage_pool_capacity_total_bytes{node=~\"$node\"} != 0)-sum by (storage_pool)(linstor_storage_pool_capacity_free_bytes{node=~\"$node\"}))*100/sum by (storage_pool)(linstor_storage_pool_capacity_total_bytes{node=~\"$node\"}))",
+ "hide": false,
+ "legendFormat": "{{ storage_pool }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Space Usage",
+ "type": "gauge"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "text",
+ "value": null
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 6,
+ "x": 18,
+ "y": 1
+ },
+ "id": 43,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (storage_pool) (linstor_storage_pool_capacity_total_bytes{node=~\"$node\"} != 0)",
+ "hide": false,
+ "legendFormat": "{{ storage_pool }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Total",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "dark-green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 6,
+ "x": 18,
+ "y": 5
+ },
+ "id": 44,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (storage_pool) (linstor_storage_pool_capacity_free_bytes{node=~\"$node\"} != 0)",
+ "hide": false,
+ "legendFormat": "{{ storage_pool }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Free",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "dark-red",
+ "value": null
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 6,
+ "x": 18,
+ "y": 9
+ },
+ "id": 42,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (storage_pool) ((linstor_storage_pool_capacity_total_bytes{node=~\"$node\"} != 0) - (linstor_storage_pool_capacity_free_bytes{node=~\"$node\"} != 0))",
+ "hide": false,
+ "legendFormat": "{{ storage_pool }}",
+ "refId": "A"
+ }
+ ],
+ "title": "Used",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 0,
+ "y": 11
+ },
+ "id": 36,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(linstor_node_state{nodetype=\"SATELLITE\",node=~\"$node\"} == 2) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Nodes",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 3,
+ "y": 11
+ },
+ "id": 38,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(linstor_storage_pool_capacity_total_bytes{driver!=\"DISKLESS\",node=~\"$node\"}) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Storage Pools",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 6,
+ "y": 11
+ },
+ "id": 35,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(linstor_resource_definition_count{}) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Resource Definitions",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 9,
+ "y": 11
+ },
+ "id": 37,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(linstor_resource_state{node=~\"$node\"}) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Resources",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 57,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "text",
+ "value": null
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 6,
+ "w": 6,
+ "x": 12,
+ "y": 11
+ },
+ "id": 40,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom"
+ },
+ "tooltip": {
+ "mode": "single"
+ }
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "avg_over_time(linstor_scrape_duration_seconds[$__rate_interval])",
+ "legendFormat": "allocated",
+ "refId": "A"
+ }
+ ],
+ "title": "Scrape Duration",
+ "type": "timeseries"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "dark-yellow",
+ "value": 6
+ },
+ {
+ "color": "orange",
+ "value": 10
+ },
+ {
+ "color": "red",
+ "value": 20
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 6,
+ "x": 18,
+ "y": 13
+ },
+ "id": 52,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (module) (round(increase(linstor_error_reports_count{module!=\"\", node=~\"$node\"}[$__rate_interval])))",
+ "instant": false,
+ "legendFormat": "{{ module }}",
+ "refId": "A"
+ }
+ ],
+ "title": "New Error Reports",
+ "transformations": [],
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 0,
+ "y": 14
+ },
+ "id": 51,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(linstor_node_state{nodetype=\"SATELLITE\", node=~\"$node\"} != 2) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Offline Nodes",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 4,
+ "y": 14
+ },
+ "id": 50,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(linstor_storage_pool_error_count{driver!=\"DISKLESS\", node=~\"$node\"} != 0) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Failed Storage Pools",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 8,
+ "y": 14
+ },
+ "id": 49,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(((linstor_volume_state{node=~\"$node\"} != 1) != 4) != -1) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Failed Resources",
+ "type": "stat"
+ },
+ {
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 17
+ },
+ "id": 46,
+ "panels": [],
+ "title": "Statistics",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 18
+ },
+ "hiddenSeries": false,
+ "id": 24,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": false
+ },
+ "percentage": false,
+ "pluginVersion": "8.2.6",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": true,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "rate(drbd_device_written_bytes_total{node=~\"$node\"}[$__rate_interval]) and topk(5, avg_over_time(drbd_device_written_bytes_total{node=~\"$node\"}[$__rate_interval]) > 0)",
+ "instant": false,
+ "legendFormat": "{{name}} on {{node}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Write Rate (5 Most Active Volumes)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:104",
+ "format": "binBps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:105",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 18
+ },
+ "hiddenSeries": false,
+ "id": 25,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": false
+ },
+ "percentage": false,
+ "pluginVersion": "8.2.6",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": true,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "rate(drbd_device_read_bytes_total{node=~\"$node\"}[$__rate_interval]) and topk(5, avg_over_time(drbd_device_read_bytes_total{node=~\"$node\"}[$__rate_interval]) > 0)",
+ "instant": false,
+ "legendFormat": "{{name}} on {{node}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Read Rate (5 Most Active Volumes)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:254",
+ "format": "binBps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:255",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "fill": 5,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 26
+ },
+ "hiddenSeries": false,
+ "id": 47,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": false
+ },
+ "percentage": false,
+ "pluginVersion": "8.2.6",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": true,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (node) (rate(drbd_device_written_bytes_total{node=~\"$node\"}[$__rate_interval]))",
+ "instant": false,
+ "legendFormat": "{{ node }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Write Rate by Node",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:410",
+ "format": "binBps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:411",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "fill": 5,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 26
+ },
+ "hiddenSeries": false,
+ "id": 48,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": false
+ },
+ "percentage": false,
+ "pluginVersion": "8.2.6",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": true,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum by (node) (rate(drbd_device_read_bytes_total{node=~\"$node\"}[$__rate_interval]))",
+ "instant": false,
+ "legendFormat": "{{ node }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Read Rate by Node",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:332",
+ "format": "binBps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:333",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": false,
+ "datasource": "${datasource}",
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 34
+ },
+ "id": 8,
+ "panels": [],
+ "title": "DRBD",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 11,
+ "w": 16,
+ "x": 0,
+ "y": 35
+ },
+ "id": 6,
+ "links": [],
+ "maxDataPoints": 100,
+ "options": {
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true,
+ "text": {}
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "$$hashKey": "object:470",
+ "aggregation": "Last",
+ "decimals": 2,
+ "displayAliasType": "Warning / Critical",
+ "displayType": "Regular",
+ "displayValueWithAlias": "Never",
+ "exemplar": true,
+ "expr": "drbd_resource_resources{node=~\"$node\"}",
+ "legendFormat": "{{node}}",
+ "refId": "A",
+ "units": "none",
+ "valueHandler": "Number Threshold"
+ }
+ ],
+ "title": "Number of DRBD Resources",
+ "type": "gauge"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 8,
+ "x": 16,
+ "y": 35
+ },
+ "hiddenSeries": false,
+ "id": 27,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": false
+ },
+ "percentage": false,
+ "pluginVersion": "8.2.6",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": true,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "avg_over_time(scrape_duration_seconds{job=\"linstor-node\", node=~\"$node\"}[$__rate_interval])",
+ "legendFormat": "{{node}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Scrape Duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:158",
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:159",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "DRBD data out of sync with a peer",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 6,
+ "w": 8,
+ "x": 16,
+ "y": 43
+ },
+ "id": 12,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "sum(max by(name, volume) (drbd_peerdevice_outofsync_bytes{node=~\"$node\"} > 0)) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "out-of-sync data",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 0,
+ "y": 46
+ },
+ "id": 14,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": false,
+ "expr": "count(count by (name) (drbd_connection_state{drbd_connection_state!=\"UpToDate\", drbd_connection_state!=\"Connected\", node=~\"$node\"} == 1)) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "disconnected",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [
+ {
+ "options": {
+ "match": "null",
+ "result": {
+ "index": 0,
+ "text": "0"
+ }
+ },
+ "type": "special"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "orange",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 4,
+ "y": 46
+ },
+ "id": 20,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(count by (name) (drbd_device_quorum{node=~\"$node\"} == 0)) OR on() vector(0)",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "count(drbd_device_quorum == 0)",
+ "hide": true,
+ "legendFormat": "",
+ "refId": "B"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "without quorum",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 8,
+ "y": 46
+ },
+ "id": 4,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(drbd_device_unintentionaldiskless{node=~\"$node\"} == 1) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "storage failure",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "description": "DRBD data out of sync with a peer",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ },
+ "unit": "none"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 12,
+ "y": 46
+ },
+ "id": 29,
+ "options": {
+ "colorMode": "background",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {},
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(count by (name) (drbd_peerdevice_outofsync_bytes{node=~\"$node\"} > 0)) OR on() vector(0)",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "out-of-sync",
+ "type": "stat"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "align": null,
+ "displayMode": "auto",
+ "filterable": false
+ },
+ "mappings": [
+ {
+ "options": {
+ "1": {
+ "text": "No"
+ }
+ },
+ "type": "value"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 49
+ },
+ "id": 22,
+ "maxDataPoints": null,
+ "options": {
+ "frameIndex": 0,
+ "showHeader": true,
+ "sortBy": [
+ {
+ "desc": false,
+ "displayName": "drbd_connection_state"
+ }
+ ]
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "drbd_connection_state{drbd_connection_state!=\"UpToDate\", drbd_connection_state!=\"Connected\", node=~\"$node\"} == 1",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disconnected DRBD Resources",
+ "transformations": [
+ {
+ "id": "merge",
+ "options": {}
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true,
+ "Value": true,
+ "__name__": true,
+ "instance": true,
+ "job": true,
+ "name": false,
+ "peer_node_id": true,
+ "tier": true
+ },
+ "indexByName": {
+ "Time": 1,
+ "Value": 10,
+ "__name__": 2,
+ "conn_name": 5,
+ "drbd_connection_state": 4,
+ "instance": 6,
+ "job": 7,
+ "name": 0,
+ "node": 3,
+ "peer_node_id": 8,
+ "tier": 9
+ },
+ "renameByName": {
+ "Value #A": "Quorum?",
+ "conn_name": "Remote Node",
+ "drbd_connection_state": "State",
+ "instance": "Instance",
+ "job": "",
+ "name": "DRBD Resource",
+ "node": "Node",
+ "peer_node_id": ""
+ }
+ }
+ }
+ ],
+ "type": "table"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "align": null,
+ "displayMode": "auto",
+ "filterable": false
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "DRBD Resource"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 279
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Host"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 238
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Out of Sync"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 93
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 49
+ },
+ "id": 16,
+ "options": {
+ "frameIndex": 0,
+ "showHeader": true,
+ "sortBy": []
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": false,
+ "expr": "sum(drbd_peerdevice_outofsync_bytes{node=~\"$node\"}) by(name, node) > 0",
+ "format": "table",
+ "hide": false,
+ "instant": true,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "DRBD Resources Out of Sync",
+ "transformations": [
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true
+ },
+ "indexByName": {
+ "Time": 0,
+ "Value": 3,
+ "name": 1,
+ "node": 2
+ },
+ "renameByName": {
+ "Time": "",
+ "Value": "Out of Sync",
+ "instance": "Host",
+ "name": "DRBD Resource",
+ "node": "Node"
+ }
+ }
+ },
+ {
+ "id": "sortBy",
+ "options": {
+ "fields": {},
+ "sort": [
+ {
+ "desc": true,
+ "field": "Out of Sync"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "table"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "align": null,
+ "displayMode": "auto",
+ "filterable": false
+ },
+ "mappings": [
+ {
+ "options": {
+ "1": {
+ "text": "No"
+ }
+ },
+ "type": "value"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 57
+ },
+ "id": 31,
+ "maxDataPoints": null,
+ "options": {
+ "frameIndex": 0,
+ "showHeader": true
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(drbd_device_quorum{node=~\"$node\"} == 0) by(node, name)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "DRBD Resources Without Quorum",
+ "transformations": [
+ {
+ "id": "merge",
+ "options": {}
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true,
+ "Value": true
+ },
+ "indexByName": {},
+ "renameByName": {
+ "Value #A": "Quorum?",
+ "instance": "Instance",
+ "name": "DRBD Resource",
+ "node": "Node"
+ }
+ }
+ }
+ ],
+ "type": "table"
+ },
+ {
+ "datasource": "${datasource}",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "align": null,
+ "displayMode": "auto",
+ "filterable": false
+ },
+ "mappings": [
+ {
+ "options": {
+ "1": {
+ "text": "No"
+ }
+ },
+ "type": "value"
+ }
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 57
+ },
+ "id": 30,
+ "maxDataPoints": null,
+ "options": {
+ "frameIndex": 0,
+ "showHeader": true
+ },
+ "pluginVersion": "8.2.6",
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "count(drbd_device_unintentionaldiskless{node=~\"$node\"} == 1) by(node, name, minor)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "DRBD Resources with Storage Failure",
+ "transformations": [
+ {
+ "id": "merge",
+ "options": {}
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true,
+ "Value": true
+ },
+ "indexByName": {
+ "Time": 0,
+ "Value": 4,
+ "minor": 3,
+ "name": 1,
+ "node": 2
+ },
+ "renameByName": {
+ "Value": "",
+ "Value #A": "Quorum?",
+ "instance": "Instance",
+ "minor": "Minor",
+ "name": "DRBD Resource",
+ "node": "Node"
+ }
+ }
+ }
+ ],
+ "type": "table"
+ }
+ ],
+ "refresh": "30s",
+ "schemaVersion": 32,
+ "style": "dark",
+ "tags": [
+ "storage",
+ "piraeus"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "${datasource}",
+ "definition": "",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "node",
+ "options": [],
+ "query": "label_values(drbdreactor_up, node)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-3h",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "Piraeus Datastore",
+ "uid": "f_tZtVlMz",
+ "version": 0
+}
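Review bot: In the "Disconnected DRBD Resources" and "DRBD Resources with Storage Failure" table panels, the `organize` transformation renames `Value #A` to `Quorum?` and the field config maps value `1` to `No`; both read as leftovers copied from the "DRBD Resources Without Quorum" panel. `Value` is excluded from these tables anyway, so drop the rename and the mapping there. In "DRBD Resources Out of Sync", the `Host` width override and the `instance` to `Host` rename have nothing to match, because the query aggregates `by(name, node)` and no `instance` column reaches the table.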
diff --git a/go.mod b/go.mod
index a9bbce89..c0ce39cf 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
// This is a generated file. Do not edit directly.
-module github.com/aenix-io/cozystack
+module github.com/cozystack/cozystack
go 1.23.0
diff --git a/hack/download-dashboards.sh b/hack/download-dashboards.sh
index 61d2ad5d..ade7ca0b 100755
--- a/hack/download-dashboards.sh
+++ b/hack/download-dashboards.sh
@@ -81,6 +81,7 @@ modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/capacity-p
modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-control-plane.json
modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-stats.json
modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kafka/strimzi-kafka.json
+modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//goldpinger/goldpinger.json
EOT
diff --git a/hack/e2e.sh b/hack/e2e.sh
index d5659ef3..c99b7cc1 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -60,7 +60,7 @@ done
# Prepare system drive
if [ ! -f nocloud-amd64.raw ]; then
- wget https://github.com/aenix-io/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz
+ wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz
rm -f nocloud-amd64.raw
xz --decompress nocloud-amd64.raw.xz
fi
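Review bot: The `wget` under "Prepare system drive" fetches `releases/latest/download/nocloud-amd64.raw.xz` and the script decompresses it with no integrity check, so the e2e run boots whatever the `latest` release of the new organization serves at that moment. Pin the URL to a release tag and verify a known checksum before `xz --decompress`, so that a changed or tampered asset fails the run instead of being booted.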
diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go
index b5db051b..1491dd98 100644
--- a/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@@ -33,7 +33,7 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
- cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+ cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
// +kubebuilder:scaffold:imports
)
diff --git a/internal/controller/workloadmonitor_controller.go b/internal/controller/workloadmonitor_controller.go
index a6096c1a..a6958fe2 100644
--- a/internal/controller/workloadmonitor_controller.go
+++ b/internal/controller/workloadmonitor_controller.go
@@ -19,7 +19,7 @@ import (
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+ cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
)
// WorkloadMonitorReconciler reconciles a WorkloadMonitor object
diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go
index 7c542961..04d05d3a 100644
--- a/internal/telemetry/collector.go
+++ b/internal/telemetry/collector.go
@@ -16,7 +16,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
- cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+ cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
)
// Collector handles telemetry data collection and sending
diff --git a/manifests/cozystack-installer.yaml b/manifests/cozystack-installer.yaml
index 69b2501a..d0d72757 100644
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -5,6 +5,7 @@ kind: Namespace
metadata:
name: cozy-system
labels:
+ cozystack.io/system: "true"
pod-security.kubernetes.io/enforce: privileged
---
# Source: cozy-installer/templates/cozystack.yaml
@@ -68,7 +69,7 @@ spec:
serviceAccountName: cozystack
containers:
- name: cozystack
- image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.1"
+ image: "ghcr.io/cozystack/cozystack/installer:v0.28.0"
env:
- name: KUBERNETES_SERVICE_HOST
value: localhost
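Review bot: The new `image: "ghcr.io/cozystack/cozystack/installer:v0.28.0"` is referenced by tag only, while the other image references touched in this patch (`clickhouse-backup.tag`, `postgres-backup.tag`, `nginx-cache.tag`) carry an `@sha256:` digest. This container runs in `cozy-system`, which the manifest labels `pod-security.kubernetes.io/enforce: privileged`, so pin it by digest as well. The same applies to the `assets` container in the next hunk.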
@@ -87,7 +88,7 @@ spec:
fieldRef:
fieldPath: metadata.name
- name: assets
- image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.1"
+ image: "ghcr.io/cozystack/cozystack/installer:v0.28.0"
command:
- /usr/bin/cozystack-assets-server
- "-dir=/cozystack/assets"
diff --git a/packages/apps/clickhouse/Chart.yaml b/packages/apps/clickhouse/Chart.yaml
index f5b6a528..0466800b 100644
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.7.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/clickhouse/Makefile b/packages/apps/clickhouse/Makefile
index 33ae7f36..10460cb0 100644
--- a/packages/apps/clickhouse/Makefile
+++ b/packages/apps/clickhouse/Makefile
@@ -14,6 +14,7 @@ image:
--cache-to type=inline \
--metadata-file images/clickhouse-backup.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
> images/clickhouse-backup.tag
diff --git a/packages/apps/clickhouse/README.md b/packages/apps/clickhouse/README.md
index 1bec6bd4..145882be 100644
--- a/packages/apps/clickhouse/README.md
+++ b/packages/apps/clickhouse/README.md
@@ -36,13 +36,15 @@ more details:
### Backup parameters
-| Name | Description | Value |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled` | Enable pereiodic backups | `false` |
-| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
-| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
-| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
-| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
-| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| Name | Description | Value |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled` | Enable pereiodic backups | `false` |
+| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
+| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
+| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
+| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
+| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
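Review bot: The `backup.s3AccessKey`, `backup.s3SecretKey` and `backup.resticPassword` rows are re-emitted with fixed, published default values; a release that sets `backup.enabled` without overriding them would encrypt and authenticate with credentials anyone can read here. Prefer empty defaults and fail the render when backups are enabled without them. While the table is being rewritten, the typo `pereiodic` in the `backup.enabled` row is carried over and should be fixed at its source.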
diff --git a/packages/apps/clickhouse/images/clickhouse-backup.tag b/packages/apps/clickhouse/images/clickhouse-backup.tag
index c16b02ba..00acbf1e 100644
--- a/packages/apps/clickhouse/images/clickhouse-backup.tag
+++ b/packages/apps/clickhouse/images/clickhouse-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.1@sha256:7a99cabdfd541f863aa5d1b2f7b49afd39838fb94c8448986634a1dc9050751c
+ghcr.io/cozystack/cozystack/clickhouse-backup:0.6.2@sha256:67dd53efa86b704fc5cb876aca055fef294b31ab67899b683a4821ea12582ea7
diff --git a/packages/apps/clickhouse/templates/_resources.tpl b/packages/apps/clickhouse/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/clickhouse/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
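Review bot: In the `fail` branch, `join "," (keys $presets)` prints the allowed values in whatever order `keys` returns, which is not stable for a dict, so the error text can differ between renders. Pipe the list through `sortAlpha` to get a deterministic message. The header comment also says these presets are "for basic testing and not meant to be used in production", which is worth repeating next to the `resourcesPreset` parameter, since that is where users will choose one.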
diff --git a/packages/apps/clickhouse/templates/clickhouse.yaml b/packages/apps/clickhouse/templates/clickhouse.yaml
index 43dc2a77..dd4b0fdb 100644
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -121,6 +121,11 @@ spec:
containers:
- name: clickhouse
image: clickhouse/clickhouse-server:24.9.2.42
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 16 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 16 }}
+ {{- end }}
volumeMounts:
- name: data-volume-template
mountPath: /var/lib/clickhouse
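Review bot: The `else if ne .Values.resourcesPreset "none"` branch means a release that sets neither value now gets the preset from values.yaml, and this patch defaults that to `nano` (limits `cpu: 150m`, `memory: 192Mi` in `_resources.tpl`); the `clickhouse` container had no `resources` before this hunk, so existing installs pick up those limits on upgrade. Call this out in the release notes or default to `none` for upgrades. Separately, the `include` passes `"Release" .Release`, but the `resources.preset` template added in this patch reads only `.type`, so that key can be dropped.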
diff --git a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
index 3c4f019b..94852e9a 100644
--- a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
@@ -17,3 +17,10 @@ rules:
resourceNames:
- {{ .Release.Name }}-credentials
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
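Review bot: The new `workloadmonitors` rule combines `list` and `watch` with `resourceNames`; Kubernetes RBAC honours `resourceNames` for those verbs only when the request carries a `metadata.name` field selector, so a plain list or watch will be denied. If the dashboard only reads the object by name, reduce the verbs to `get`; otherwise confirm the client sets the field selector.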
diff --git a/packages/apps/clickhouse/templates/workloadmonitor.yaml b/packages/apps/clickhouse/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..9ddd576e
--- /dev/null
+++ b/packages/apps/clickhouse/templates/workloadmonitor.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: clickhouse
+ type: clickhouse
+ selector:
+ clickhouse.altinity.com/chi: {{ $.Release.Name }}
+ version: {{ $.Chart.Version }}
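Review bot: `minReplicas: 1` is hard-coded while `replicas` follows `.Values.replicas`, so the threshold does not scale with the size of the deployment; derive it from `.Values.replicas` or expose it as a value. `kind` and `type` are both set to `clickhouse`; if the two fields mean different things, a short comment would help. The template also mixes `$.Release.Name` with `.Values`, so pick one root style.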
diff --git a/packages/apps/clickhouse/values.schema.json b/packages/apps/clickhouse/values.schema.json
index 502d96b6..afeeda1e 100644
--- a/packages/apps/clickhouse/values.schema.json
+++ b/packages/apps/clickhouse/values.schema.json
@@ -76,6 +76,16 @@
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
}
}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
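Review bot: `resourcesPreset` is declared as a bare `"type": "string"` and the allowed values appear only in the description, so a typo passes schema validation and fails later in the `resources.preset` template. Add an `enum` with `none, nano, micro, small, medium, large, xlarge, 2xlarge` so the value is rejected at validation time. The file also still ends without a trailing newline.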
diff --git a/packages/apps/clickhouse/values.yaml b/packages/apps/clickhouse/values.yaml
index 18362761..721f15dd 100644
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -46,3 +46,16 @@ backup:
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
diff --git a/packages/apps/ferretdb/Chart.yaml b/packages/apps/ferretdb/Chart.yaml
index 0b8fc993..fa41dcbd 100644
--- a/packages/apps/ferretdb/Chart.yaml
+++ b/packages/apps/ferretdb/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/ferretdb/README.md b/packages/apps/ferretdb/README.md
index d5503401..035e23c9 100644
--- a/packages/apps/ferretdb/README.md
+++ b/packages/apps/ferretdb/README.md
@@ -21,15 +21,17 @@
### Backup parameters
-| Name | Description | Value |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled` | Enable pereiodic backups | `false` |
-| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
-| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
-| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
-| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
-| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| Name | Description | Value |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled` | Enable pereiodic backups | `false` |
+| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
+| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
+| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
+| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
+| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
diff --git a/packages/apps/ferretdb/images/postgres-backup.tag b/packages/apps/ferretdb/images/postgres-backup.tag
index aed09674..f0446d42 100644
--- a/packages/apps/ferretdb/images/postgres-backup.tag
+++ b/packages/apps/ferretdb/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:71cdf8bdab3d6f27edeec0ab33ddd8c7b56675a4f2d7bbf4d3e09b70ecb43375
+ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521
diff --git a/packages/apps/ferretdb/templates/_resources.tpl b/packages/apps/ferretdb/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/ferretdb/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
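Review bot: This file is byte-identical to the copies added under `packages/apps/clickhouse` and `packages/apps/kafka` (all three show blob `7ada56d4`), so every future change to the presets has to be made in each chart. Move `resources.preset` into a shared library chart, or generate the copies from one source and check in CI that they stay in sync.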
diff --git a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
index a91a54ac..e8fb6c2e 100644
--- a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
@@ -17,3 +17,10 @@ rules:
resourceNames:
- {{ .Release.Name }}-credentials
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/ferretdb/templates/postgres.yaml b/packages/apps/ferretdb/templates/postgres.yaml
index 6ee92fd4..d9a1f3ec 100644
--- a/packages/apps/ferretdb/templates/postgres.yaml
+++ b/packages/apps/ferretdb/templates/postgres.yaml
@@ -6,10 +6,20 @@ metadata:
spec:
instances: {{ .Values.replicas }}
enableSuperuserAccess: true
-
+ {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+ {{- if $configMap }}
+ {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+ {{- if $rawConstraints }}
+ {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
minSyncReplicas: {{ .Values.quorum.minSyncReplicas }}
maxSyncReplicas: {{ .Values.quorum.maxSyncReplicas }}
-
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 4 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 4 }}
+ {{- end }}
monitoring:
enablePodMonitor: true
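Review bot: `$rawConstraints | fromYaml | toYaml | nindent 2` splices whatever the `globalAppTopologySpreadConstraints` entry of the `cozystack-scheduling` ConfigMap holds straight into the Cluster `spec`, with no check that it parsed or that it contains only the keys this template expects. Helm's `fromYaml` does not fail on bad input; it returns a map with an `Error` entry, which would be rendered as a field of `spec`. Test for that key and `fail`, and emit only the expected key. Note also that `lookup` returns an empty result under `helm template` and client-side dry runs, so output rendered that way will differ from what is installed.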
diff --git a/packages/apps/ferretdb/templates/workloadmonitor.yaml b/packages/apps/ferretdb/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..96e7d87e
--- /dev/null
+++ b/packages/apps/ferretdb/templates/workloadmonitor.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: ferretdb
+ type: ferretdb
+ selector:
+ app: {{ $.Release.Name }}
+ version: {{ $.Chart.Version }}
diff --git a/packages/apps/ferretdb/values.schema.json b/packages/apps/ferretdb/values.schema.json
index b2790710..af05e361 100644
--- a/packages/apps/ferretdb/values.schema.json
+++ b/packages/apps/ferretdb/values.schema.json
@@ -81,6 +81,16 @@
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
}
}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
diff --git a/packages/apps/ferretdb/values.yaml b/packages/apps/ferretdb/values.yaml
index 5e96b2db..080ff8c8 100644
--- a/packages/apps/ferretdb/values.yaml
+++ b/packages/apps/ferretdb/values.yaml
@@ -48,3 +48,16 @@ backup:
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
diff --git a/packages/apps/http-cache/Makefile b/packages/apps/http-cache/Makefile
index 1d9cb90b..833a817d 100644
--- a/packages/apps/http-cache/Makefile
+++ b/packages/apps/http-cache/Makefile
@@ -13,6 +13,7 @@ image-nginx:
--cache-to type=inline \
--metadata-file images/nginx-cache.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))@$$(yq e '."containerimage.digest"' images/nginx-cache.json -o json -r)" \
> images/nginx-cache.tag
diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag
index 014f9610..b8aee4b0 100644
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:4c79017b6663f894812d8c3d4f9e03ef44e4d4032ad8bb91945c92c7cce6a0b0
+ghcr.io/cozystack/cozystack/nginx-cache:0.3.1@sha256:2b82eae28239ca0f9968602c69bbb752cd2a5818e64934ccd06cb91d95d019c7
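Review bot: The tag stays `0.3.1` while the `sha256` digest changes, so the same version tag now names different image content in the old and the new registry. Bump the tag when the image is rebuilt, as the `clickhouse-backup` (0.6.1 to 0.6.2) and `postgres-backup` (0.8.0 to 0.9.0) tags in this patch do, so that one tag maps to one digest.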
diff --git a/packages/apps/kafka/Chart.yaml b/packages/apps/kafka/Chart.yaml
index ec425b02..3d1d6e36 100644
--- a/packages/apps/kafka/Chart.yaml
+++ b/packages/apps/kafka/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.2
+version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/kafka/README.md b/packages/apps/kafka/README.md
index 56b26e99..7cd045cc 100644
--- a/packages/apps/kafka/README.md
+++ b/packages/apps/kafka/README.md
@@ -16,6 +16,8 @@
### Configuration parameters
-| Name | Description | Value |
-| -------- | -------------------- | ----- |
-| `topics` | Topics configuration | `[]` |
+| Name | Description | Value |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
+| `topics` | Topics configuration | `[]` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
diff --git a/packages/apps/kafka/templates/_resources.tpl b/packages/apps/kafka/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/kafka/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
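Review bot: this file is added as the same blob (`7ada56d4`) under kafka, mysql, nats and postgres, so any future change to a preset has to be made in four places. Consider moving `resources.preset` into a shared library chart that each app chart depends on. The header comment also says the presets are "not meant to be used in production", while the values in this change default to the `nano` preset; one of the two should be reconciled.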
diff --git a/packages/apps/kafka/templates/dashboard-resourcemap.yaml b/packages/apps/kafka/templates/dashboard-resourcemap.yaml
index 7222c152..ba91ccad 100644
--- a/packages/apps/kafka/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/kafka/templates/dashboard-resourcemap.yaml
@@ -17,3 +17,11 @@ rules:
resourceNames:
- {{ .Release.Name }}-clients-ca
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ - {{ $.Release.Name }}-zookeeper
+ verbs: ["get", "list", "watch"]
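Review bot: `list` and `watch` combined with `resourceNames` are only authorized when the client sends a `metadata.name` field selector, so confirm the dashboard requests these WorkloadMonitors by name; otherwise only `get` will succeed. Minor style point in the same rule: the two `resourceNames` entries mix `.Release.Name` and `$.Release.Name`; pick one form.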
diff --git a/packages/apps/kafka/templates/kafka.yaml b/packages/apps/kafka/templates/kafka.yaml
index 0134ca5a..742f365d 100644
--- a/packages/apps/kafka/templates/kafka.yaml
+++ b/packages/apps/kafka/templates/kafka.yaml
@@ -8,6 +8,11 @@ metadata:
spec:
kafka:
replicas: {{ .Values.kafka.replicas }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 6 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 6 }}
+ {{- end }}
listeners:
- name: plain
port: 9092
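Review bot: the resources block is added under `spec.kafka` only, and this is the only hunk in `kafka.yaml`, so the zookeeper pods that the new WorkloadMonitor tracks receive neither `resources` nor the preset. Either add the same block for zookeeper or state in the `resources` / `resourcesPreset` descriptions that they apply to the brokers only. The `"Release" .Release` entry in the dict is also unused, since `resources.preset` reads only `.type`.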
diff --git a/packages/apps/kafka/templates/workloadmonitor.yaml b/packages/apps/kafka/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..4b161b04
--- /dev/null
+++ b/packages/apps/kafka/templates/workloadmonitor.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: kafka
+ type: kafka
+ selector:
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/name: kafka
+ version: {{ $.Chart.Version }}
+
+---
+
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}-zookeeper
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: kafka
+ type: zookeeper
+ selector:
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/name: zookeeper
+ version: {{ $.Chart.Version }}
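Review bot: both monitors set `replicas: {{ .Values.replicas }}`, but `kafka.yaml` in this same change reads the broker count from `.Values.kafka.replicas`, and `values.yaml` keeps a separate `zookeeper:` section. If the chart has no top-level `replicas` value, both fields render empty. Use `.Values.kafka.replicas` for the first monitor and the zookeeper replica value for the second.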
diff --git a/packages/apps/kafka/values.schema.json b/packages/apps/kafka/values.schema.json
index 2435457e..eb7e2488 100644
--- a/packages/apps/kafka/values.schema.json
+++ b/packages/apps/kafka/values.schema.json
@@ -52,6 +52,16 @@
"description": "Topics configuration",
"default": [],
"items": {}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
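Review bot: `resourcesPreset` is declared as a free-form `"type": "string"`, so an invalid value passes schema validation and is only rejected at render time by the `fail` call in `_resources.tpl`. Adding an `"enum"` with the eight values already listed in the description (`none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`) would reject bad input earlier and give the dashboard a closed list. The file still ends without a trailing newline.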
diff --git a/packages/apps/kafka/values.yaml b/packages/apps/kafka/values.yaml
index 709906ba..7b05c6de 100644
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -39,3 +39,16 @@ zookeeper:
## replicas: 3
##
topics: []
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
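Review bot: defaulting `resourcesPreset` to `"nano"` means every Kafka release that does not set `resources` gets the 128Mi request and 192Mi memory limit defined in `_resources.tpl`, including existing releases on upgrade. That limit is very small for a JVM broker, so out-of-memory kills are likely. Consider a larger default for this chart, or `none` to preserve the previous behaviour, and call the change out in the upgrade notes. The commented example also repeats the `resources:` key beneath `resources: {}`, which reads as a nested key; show only the `limits`/`requests` children.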
diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml
index 1a1a73af..58d8c8ff 100644
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.15.0
+version: 0.15.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/kubernetes/Makefile b/packages/apps/kubernetes/Makefile
index 38caaa7c..03799c2b 100644
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -18,6 +18,7 @@ image-ubuntu-container-disk:
--cache-to type=inline \
--metadata-file images/ubuntu-container-disk.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
> images/ubuntu-container-disk.tag
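Review bot: the `--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"` literal is repeated in all four image targets of this Makefile and again in the other package Makefiles touched by this change. Defining it once as a variable in the shared make include would keep the next repository move to a single edit.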
@@ -32,6 +33,7 @@ image-kubevirt-cloud-provider:
--cache-to type=inline \
--metadata-file images/kubevirt-cloud-provider.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-cloud-provider.json -o json -r)" \
> images/kubevirt-cloud-provider.tag
@@ -46,6 +48,7 @@ image-kubevirt-csi-driver:
--cache-to type=inline \
--metadata-file images/kubevirt-csi-driver.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
> images/kubevirt-csi-driver.tag
@@ -61,6 +64,7 @@ image-cluster-autoscaler:
--cache-to type=inline \
--metadata-file images/cluster-autoscaler.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/cluster-autoscaler.json -o json -r)" \
> images/cluster-autoscaler.tag
diff --git a/packages/apps/kubernetes/images/cluster-autoscaler.tag b/packages/apps/kubernetes/images/cluster-autoscaler.tag
index 5e9f0886..df5eadf1 100644
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:50efa0d1e807c50d10e8fcece332e4eb7de464e98b23db6e3be02a1ef740821f
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:967e51702102d0dbd97f9847de4159d62681b31eb606322d2c29755393c2236e
diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
index bffc8199..28af4247 100644
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:5f1ab06264c09f3dc7bfc43db0b6e68235ac44f83e8a5277dfb74fe6902d6dca
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.15.2@sha256:5e054eae6274963b6e84f87bf3330c94325103c6407b08bfb1189da721333b5c
diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
index f543b8fe..290d4db7 100644
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:7b206eb9c1b44cead6e0e4931c569612fa8034f026d845469ebd2d2ef46b85ab
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:cb4ab74099662f73e058f7c7495fb403488622c3425c06ad23b687bfa8bc805b
diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
index 716c73db..175160b9 100644
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:b882ff398d297824dbf73dee948cfa684cb18006b91bd152e1f03ed22d7190fa
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:bc08ea0ced2cb7dd98b26d72a9462fc0a3863adb908a5effbfcdf7227656ea65
diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml
index a6d596c3..37cc560f 100644
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -118,7 +118,7 @@ spec:
ingress:
extraAnnotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- hostname: {{ .Values.host | default (printf "%s.%s" .Release.Name $host) }}:443
+ hostname: {{ .Values.host | default (printf "%s.%s" .Release.Name $host) }}
className: "{{ $ingress }}"
deployment:
podAdditionalMetadata:
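Review bot: dropping `:443` from `hostname` changes the rendered ingress host for every tenant cluster, and the diff carries no comment explaining why. With `ssl-passthrough: "true"` on the line above, a bare host name is the form that can match on SNI, so the change looks right, but please add a short note and confirm that anything deriving the API endpoint from this value still gets its port from elsewhere.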
@@ -250,7 +250,7 @@ spec:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
kind: KubevirtMachineTemplate
name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }}
- namespace: default
+ namespace: {{ $.Release.Namespace }}
version: v1.30.1
---
apiVersion: cluster.x-k8s.io/v1beta1
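Review bot: replacing the hard-coded `namespace: default` with `{{ $.Release.Namespace }}` corrects the reference for any release installed outside `default`, and that behaviour change deserves a changelog entry. It is worth checking the rest of the chart for other hard-coded `namespace: default` values, and the adjacent `version: v1.30.1` remains a literal that has to be kept in step with the `ubuntu-container-disk` tag by hand.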
diff --git a/packages/apps/mysql/Chart.yaml b/packages/apps/mysql/Chart.yaml
index f03a4f85..d8d04d0c 100644
--- a/packages/apps/mysql/Chart.yaml
+++ b/packages/apps/mysql/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.2
+version: 0.6.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/mysql/Makefile b/packages/apps/mysql/Makefile
index d4f4db6c..d32df5dd 100644
--- a/packages/apps/mysql/Makefile
+++ b/packages/apps/mysql/Makefile
@@ -14,6 +14,7 @@ image:
--cache-to type=inline \
--metadata-file images/mariadb-backup.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/mariadb-backup.json -o json -r)" \
> images/mariadb-backup.tag
diff --git a/packages/apps/mysql/README.md b/packages/apps/mysql/README.md
index c0f635ac..11c0feda 100644
--- a/packages/apps/mysql/README.md
+++ b/packages/apps/mysql/README.md
@@ -83,14 +83,16 @@ more details:
### Backup parameters
-| Name | Description | Value |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled` | Enable pereiodic backups | `false` |
-| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
-| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
-| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
-| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
-| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| Name | Description | Value |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled` | Enable pereiodic backups | `false` |
+| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
+| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
+| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
+| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
+| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
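Review bot: the re-aligned table still documents `backup.s3Bucket` for the mysql chart as `s3.example.org/postgres-backups`, which looks copied from the postgres chart. Since the table is regenerated from the `@param` comments, fix the default in `values.yaml` (and the matching schema default) and regenerate rather than editing the README row.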
diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag
index 3873900c..20c4c5aa 100644
--- a/packages/apps/mysql/images/mariadb-backup.tag
+++ b/packages/apps/mysql/images/mariadb-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:5994e3f7a57054e3cebc532fa29a90edc9a97befe8993cec011e3e726c83e9bd
+ghcr.io/cozystack/cozystack/mariadb-backup:0.5.3@sha256:8ca1fb01e880d351ee7d984a0b437c1142836963cd079986156ed28750067138
diff --git a/packages/apps/mysql/templates/_resources.tpl b/packages/apps/mysql/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/mysql/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
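Review bot: in the error branch, `join "," (keys $presets)` lists the allowed values in map iteration order, which Sprig does not guarantee, so the message can differ between renders. Piping through `sortAlpha` before `join` makes the error text stable and easier to match in CI logs.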
diff --git a/packages/apps/mysql/templates/dashboard-resourcemap.yaml b/packages/apps/mysql/templates/dashboard-resourcemap.yaml
index 7ed74101..4093cde1 100644
--- a/packages/apps/mysql/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/mysql/templates/dashboard-resourcemap.yaml
@@ -18,3 +18,10 @@ rules:
resourceNames:
- {{ .Release.Name }}-credentials
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/mysql/templates/mariadb.yaml b/packages/apps/mysql/templates/mariadb.yaml
index ed5dc140..68d22f85 100644
--- a/packages/apps/mysql/templates/mariadb.yaml
+++ b/packages/apps/mysql/templates/mariadb.yaml
@@ -72,3 +72,9 @@ spec:
#secondaryService:
# type: LoadBalancer
+
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 4 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 4 }}
+ {{- end }}
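Review bot: the block is appended after the commented-out `secondaryService` lines with `nindent 4`, so its placement under `spec` depends on the indentation of text that is not part of this hunk; a rendered `helm template` check for both the `resources` and the preset branch would confirm that it lands at the intended level. The `"Release" .Release` key passed to `resources.preset` is unused by the helper and can be dropped.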
diff --git a/packages/apps/mysql/templates/workloadmonitor.yaml b/packages/apps/mysql/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..9fc6d144
--- /dev/null
+++ b/packages/apps/mysql/templates/workloadmonitor.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: mysql
+ type: mysql
+ selector:
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ version: {{ $.Chart.Version }}
diff --git a/packages/apps/mysql/values.schema.json b/packages/apps/mysql/values.schema.json
index 3884ad30..0089f990 100644
--- a/packages/apps/mysql/values.schema.json
+++ b/packages/apps/mysql/values.schema.json
@@ -66,6 +66,16 @@
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
}
}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
diff --git a/packages/apps/mysql/values.yaml b/packages/apps/mysql/values.yaml
index f82f683b..f1c430a4 100644
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -54,3 +54,16 @@ backup:
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
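Review bot: the context lines of this hunk show `s3AccessKey`, `s3SecretKey` and `resticPassword` shipped with concrete default values, and the README documents the same strings. A user who sets `backup.enabled` without overriding them encrypts backups with a publicly known restic password. While touching this file, consider emptying these defaults and failing the render with `required` when backups are enabled and the values are unset.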
diff --git a/packages/apps/nats/Chart.yaml b/packages/apps/nats/Chart.yaml
index 02b9fa18..2bae5c73 100644
--- a/packages/apps/nats/Chart.yaml
+++ b/packages/apps/nats/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/nats/README.md b/packages/apps/nats/README.md
index 239e8696..5f9911a3 100644
--- a/packages/apps/nats/README.md
+++ b/packages/apps/nats/README.md
@@ -4,13 +4,15 @@
### Common parameters
-| Name | Description | Value |
-| ------------------- | -------------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `replicas` | Persistent Volume size for NATS | `2` |
-| `storageClass` | StorageClass used to store the data | `""` |
-| `users` | Users configuration | `{}` |
-| `jetstream.size` | Jetstream persistent storage size | `10Gi` |
-| `jetstream.enabled` | Enable or disable Jetstream | `true` |
-| `config.merge` | Additional configuration to merge into NATS config | `{}` |
-| `config.resolver` | Additional configuration to merge into NATS config | `{}` |
+| Name | Description | Value |
+| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external` | Enable external access from outside the cluster | `false` |
+| `replicas` | Persistent Volume size for NATS | `2` |
+| `storageClass` | StorageClass used to store the data | `""` |
+| `users` | Users configuration | `{}` |
+| `jetstream.size` | Jetstream persistent storage size | `10Gi` |
+| `jetstream.enabled` | Enable or disable Jetstream | `true` |
+| `config.merge` | Additional configuration to merge into NATS config | `{}` |
+| `config.resolver` | Additional configuration to merge into NATS config | `{}` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
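Review bot: the regenerated table carries forward two incorrect descriptions: `replicas` is described as "Persistent Volume size for NATS", and `config.resolver` repeats the `config.merge` text. Correct the `@param` comments in `values.yaml` and regenerate so the README matches what the values do.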
diff --git a/packages/apps/nats/templates/_resources.tpl b/packages/apps/nats/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/nats/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
diff --git a/packages/apps/nats/templates/nats.yaml b/packages/apps/nats/templates/nats.yaml
index 3e843ccf..019c7984 100644
--- a/packages/apps/nats/templates/nats.yaml
+++ b/packages/apps/nats/templates/nats.yaml
@@ -38,6 +38,17 @@ spec:
timeout: 5m0s
values:
nats:
+ podTemplate:
+ merge:
+ spec:
+ containers:
+ - name: nats
+ image: nats:2.10.17-alpine
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 22 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 22 }}
+ {{- end }}
fullnameOverride: {{ .Release.Name }}
config:
{{- if or (gt (len $passwords) 0) (gt (len .Values.config.merge) 0) }}
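Review bot: `image: nats:2.10.17-alpine` is hard-coded in the `podTemplate.merge` container and sits outside the `if`, so it is rendered even when `resourcesPreset` is `none` and `resources` is empty, and it overrides whatever image the wrapped chart would select. It is also a tag-only reference, unlike the digest-pinned images elsewhere in this change. If the merge only needs `name: nats` to match the container, drop the `image` line; otherwise move it to values and pin it by digest.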
diff --git a/packages/apps/nats/templates/resourcemap.yaml b/packages/apps/nats/templates/resourcemap.yaml
index a91a54ac..e8fb6c2e 100644
--- a/packages/apps/nats/templates/resourcemap.yaml
+++ b/packages/apps/nats/templates/resourcemap.yaml
@@ -17,3 +17,10 @@ rules:
resourceNames:
- {{ .Release.Name }}-credentials
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/nats/templates/workloadmonitor.yaml b/packages/apps/nats/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..43d64a46
--- /dev/null
+++ b/packages/apps/nats/templates/workloadmonitor.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: nats
+ type: nats
+ selector:
+ app.kubernetes.io/instance: {{ $.Release.Name }}-system
+ version: {{ $.Chart.Version }}
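Review bot: the selector matches `app.kubernetes.io/instance: {{ $.Release.Name }}-system`, whereas the kafka and mysql monitors in this change match the bare release name. If the suffix comes from the name of the inner HelmRelease, add a comment saying so; without it the selector reads like a typo and will silently match nothing if that naming changes.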
diff --git a/packages/apps/nats/values.schema.json b/packages/apps/nats/values.schema.json
index 8943647a..fe607a39 100644
--- a/packages/apps/nats/values.schema.json
+++ b/packages/apps/nats/values.schema.json
@@ -46,6 +46,16 @@
"default": {}
}
}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
diff --git a/packages/apps/nats/values.yaml b/packages/apps/nats/values.yaml
index 57f6580c..3d12fb65 100644
--- a/packages/apps/nats/values.yaml
+++ b/packages/apps/nats/values.yaml
@@ -61,3 +61,16 @@ config:
## Default: {}
## Example see: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/values.yaml#L247
resolver: {}
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
diff --git a/packages/apps/postgres/Chart.yaml b/packages/apps/postgres/Chart.yaml
index 988feb50..4dcda816 100644
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.10.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/postgres/Makefile b/packages/apps/postgres/Makefile
index dacc164b..78639877 100644
--- a/packages/apps/postgres/Makefile
+++ b/packages/apps/postgres/Makefile
@@ -14,6 +14,7 @@ image:
--cache-to type=inline \
--metadata-file images/postgres-backup.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/postgres-backup.json -o json -r)" \
> images/postgres-backup.tag
diff --git a/packages/apps/postgres/README.md b/packages/apps/postgres/README.md
index c0d2dfd7..764f1b94 100644
--- a/packages/apps/postgres/README.md
+++ b/packages/apps/postgres/README.md
@@ -58,13 +58,15 @@ more details:
### Backup parameters
-| Name | Description | Value |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled` | Enable pereiodic backups | `false` |
-| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
-| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
-| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
-| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
-| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| Name | Description | Value |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled` | Enable pereiodic backups | `false` |
+| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
+| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` |
+| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
+| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
+| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
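Review bot: the rewritten table still documents literal default values for `backup.s3AccessKey`, `backup.s3SecretKey` and `backup.resticPassword`, and values.yaml ships the same strings as chart defaults. A user who sets `backup.enabled: true` without overriding them gets backups encrypted with a restic password that is published in this README. Consider empty defaults and failing the render when backup is enabled and any of the three is unset. Separately, "pereiodic" in the `backup.enabled` row is carried over unchanged; if the table is generated from the `@param` comments in values.yaml, fix the spelling there.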
diff --git a/packages/apps/postgres/images/postgres-backup.tag b/packages/apps/postgres/images/postgres-backup.tag
index aed09674..f0446d42 100644
--- a/packages/apps/postgres/images/postgres-backup.tag
+++ b/packages/apps/postgres/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:71cdf8bdab3d6f27edeec0ab33ddd8c7b56675a4f2d7bbf4d3e09b70ecb43375
+ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521
diff --git a/packages/apps/postgres/templates/_resources.tpl b/packages/apps/postgres/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/postgres/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
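Review bot: this helper is added three times in this patch (postgres, rabbitmq and redis) as the same blob, 7ada56d4, so any later change to a preset has to be repeated in every copy. Consider moving `resources.preset` into a shared library chart that the app charts depend on, or add a line to each copy naming the canonical source so the copies are not edited independently.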
diff --git a/packages/apps/postgres/templates/db.yaml b/packages/apps/postgres/templates/db.yaml
index 22db426b..9de84d1d 100644
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -5,8 +5,20 @@ metadata:
name: {{ .Release.Name }}
spec:
instances: {{ .Values.replicas }}
- enableSuperuserAccess: true
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 4 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 4 }}
+ {{- end }}
+ enableSuperuserAccess: true
+ {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+ {{- if $configMap }}
+ {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+ {{- if $rawConstraints }}
+ {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
postgresql:
parameters:
max_wal_senders: "30"
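Review bot: the `globalAppTopologySpreadConstraints` block splices ConfigMap content into the Cluster spec with no check on what was parsed. Helm's `fromYaml` does not fail on bad input, it returns a map with an `Error` key, so a malformed value would be rendered under `spec` as an `Error:` field instead of stopping the release, and any top-level key present in that value lands in `spec` at `nindent 2`. Suggest parsing into a variable, calling `fail` when it has an `Error` key, and emitting only the `topologySpreadConstraints` key. Also note that `lookup` returns an empty map under `helm template` and client-side dry runs, so the constraints will be missing from rendered previews.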
diff --git a/packages/apps/postgres/values.schema.json b/packages/apps/postgres/values.schema.json
index b5214b3f..600e7675 100644
--- a/packages/apps/postgres/values.schema.json
+++ b/packages/apps/postgres/values.schema.json
@@ -101,6 +101,16 @@
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
}
}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
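Review bot: `resourcesPreset` is declared as a plain `string`, with the allowed values listed only in the description. Adding an `enum` with none, nano, micro, small, medium, large, xlarge and 2xlarge would reject a typo at schema validation, before the `fail` branch in `resources.preset` is ever reached.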
diff --git a/packages/apps/postgres/values.yaml b/packages/apps/postgres/values.yaml
index 50adc1fa..07618c56 100644
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -76,3 +76,16 @@ backup:
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
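Review bot: `resourcesPreset: "nano"` becomes the default for every PostgreSQL instance, which per `_resources.tpl` means a 192Mi memory limit and a 150m CPU limit, while that template's own comment says the presets are "for basic testing and not meant to be used in production". Releases that set no `resources` today would pick these limits up on upgrade. Consider a larger default for a database chart, or call the change out in the upgrade notes. The commented example also repeats the `resources:` key one level down, which reads as if `resources` nests under itself; drop the inner `# resources:` line.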
diff --git a/packages/apps/rabbitmq/Chart.yaml b/packages/apps/rabbitmq/Chart.yaml
index eaab0c42..2218642f 100644
--- a/packages/apps/rabbitmq/Chart.yaml
+++ b/packages/apps/rabbitmq/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.3
+version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/rabbitmq/README.md b/packages/apps/rabbitmq/README.md
index 2a0e83c0..f112bb50 100644
--- a/packages/apps/rabbitmq/README.md
+++ b/packages/apps/rabbitmq/README.md
@@ -22,7 +22,9 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an
### Configuration parameters
-| Name | Description | Value |
-| -------- | --------------------------- | ----- |
-| `users` | Users configuration | `{}` |
-| `vhosts` | Virtual Hosts configuration | `{}` |
+| Name | Description | Value |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
+| `users` | Users configuration | `{}` |
+| `vhosts` | Virtual Hosts configuration | `{}` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
diff --git a/packages/apps/rabbitmq/templates/_resources.tpl b/packages/apps/rabbitmq/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/rabbitmq/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
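Review bot: in the `fail` branch, `keys $presets` returns the map keys in no fixed order, so the "Allowed values" list in the error message can change between renders and will not match the order given in the README. Pipe it through `sortAlpha`, or list the names explicitly from smallest to largest. The same applies to the other copies of this file.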
diff --git a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
index a85dc212..6a7aee79 100644
--- a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
@@ -20,3 +20,10 @@ rules:
resourceNames:
- {{ .Release.Name }}
verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
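Review bot: `list` and `watch` are granted here together with `resourceNames`. Kubernetes only authorizes a `list` or `watch` restricted by `resourceNames` when the request carries a `metadata.name` field selector, so a client that lists workloadmonitors in the namespace without one will be denied. If the dashboard lists without a selector, this rule will not do what it appears to; otherwise a short comment saying the restriction is intended would help. The name does match the `WorkloadMonitor` added in workloadmonitor.yaml.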
diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml
index f013cef0..ea49187b 100644
--- a/packages/apps/rabbitmq/templates/rabbitmq.yaml
+++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml
@@ -11,7 +11,11 @@ spec:
service:
type: LoadBalancer
{{- end }}
-
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 4 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 4 }}
+ {{- end }}
override:
statefulSet:
spec:
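Review bot: the `resources.preset` call passes `"Release" .Release`, but the helper added in `_resources.tpl` only reads `.type`. Drop the extra key so the call matches the usage shown in the helper's own comment, `(dict "type" "nano")`.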
diff --git a/packages/apps/rabbitmq/templates/workloadmonitor.yaml b/packages/apps/rabbitmq/templates/workloadmonitor.yaml
new file mode 100644
index 00000000..0f7462c7
--- /dev/null
+++ b/packages/apps/rabbitmq/templates/workloadmonitor.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: {{ $.Release.Name }}
+spec:
+ replicas: {{ .Values.replicas }}
+ minReplicas: 1
+ kind: rabbitmq
+ type: rabbitmq
+ selector:
+ app.kubernetes.io/name: {{ $.Release.Name }}
+ version: {{ $.Chart.Version }}
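Review bot: `minReplicas: 1` is hard-coded while `replicas` comes from `.Values.replicas`. If the monitor is meant to flag a cluster that has dropped below a working size, derive the minimum from the replica count; if 1 is intentional, add a comment saying so. Style: the file mixes `$.Release.Name` with `.Values.replicas`; pick one root form.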
diff --git a/packages/apps/rabbitmq/values.schema.json b/packages/apps/rabbitmq/values.schema.json
index 159a8fa7..7339e6c7 100644
--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -26,6 +26,16 @@
"type": "object",
"description": "Virtual Hosts configuration",
"default": {}
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
diff --git a/packages/apps/rabbitmq/values.yaml b/packages/apps/rabbitmq/values.yaml
index 539c5ebc..246bac1f 100644
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -39,3 +39,16 @@ users: {}
## admin:
## - user3
vhosts: {}
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
diff --git a/packages/apps/redis/Chart.yaml b/packages/apps/redis/Chart.yaml
index 492c67ef..07556e67 100644
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/redis/README.md b/packages/apps/redis/README.md
index cc932a05..ef2c9b99 100644
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -13,12 +13,14 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
### Common parameters
-| Name | Description | Value |
-| -------------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `size` | Persistent Volume size | `1Gi` |
-| `replicas` | Number of Redis replicas | `2` |
-| `storageClass` | StorageClass used to store the data | `""` |
-| `authEnabled` | Enable password generation | `true` |
+| Name | Description | Value |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external` | Enable external access from outside the cluster | `false` |
+| `size` | Persistent Volume size | `1Gi` |
+| `replicas` | Number of Redis replicas | `2` |
+| `storageClass` | StorageClass used to store the data | `""` |
+| `authEnabled` | Enable password generation | `true` |
+| `resources` | Resources | `{}` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
diff --git a/packages/apps/redis/templates/_resources.tpl b/packages/apps/redis/templates/_resources.tpl
new file mode 100644
index 00000000..7ada56d4
--- /dev/null
+++ b/packages/apps/redis/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
diff --git a/packages/apps/redis/templates/redisfailover.yaml b/packages/apps/redis/templates/redisfailover.yaml
index 0dfd2f56..fddda39a 100644
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -25,19 +25,18 @@ metadata:
spec:
sentinel:
replicas: 3
- resources:
- requests:
- cpu: 100m
- limits:
- memory: 100Mi
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 6 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 6 }}
+ {{- end }}
redis:
replicas: {{ .Values.replicas }}
- resources:
- requests:
- cpu: 150m
- memory: 400Mi
- limits:
- memory: 1000Mi
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 6 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 6 }}
+ {{- end }}
{{- with .Values.size }}
storage:
persistentVolumeClaim:
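Review bot: sentinel and redis now receive the same `resources` value. Before this change they were sized separately (sentinel: 100m CPU request and 100Mi memory limit; redis: 150m CPU and 400Mi memory requests with a 1000Mi memory limit). With the default `resourcesPreset: "nano"` the redis memory limit drops from 1000Mi to 192Mi on upgrade, which risks OOM kills for existing datasets, and an operator who sets `resources` for redis applies the same figures to all three sentinels. Consider separate values for the two, or keep the previous figures as the defaults.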
diff --git a/packages/apps/redis/values.schema.json b/packages/apps/redis/values.schema.json
index aa96f278..4c7ff463 100644
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -26,6 +26,16 @@
"type": "boolean",
"description": "Enable password generation",
"default": true
+ },
+ "resources": {
+ "type": "object",
+ "description": "Resources",
+ "default": {}
+ },
+ "resourcesPreset": {
+ "type": "string",
+ "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+ "default": "nano"
}
}
}
\ No newline at end of file
diff --git a/packages/apps/redis/values.yaml b/packages/apps/redis/values.yaml
index a330419d..fc2e69d1 100644
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -11,3 +11,16 @@ size: 1Gi
replicas: 2
storageClass: ""
authEnabled: true
+
+## @param resources Resources
+resources: {}
+ # resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+resourcesPreset: "nano"
diff --git a/packages/apps/tenant/Chart.yaml b/packages/apps/tenant/Chart.yaml
index d8f2853a..7e1a5573 100644
--- a/packages/apps/tenant/Chart.yaml
+++ b/packages/apps/tenant/Chart.yaml
@@ -4,4 +4,4 @@ description: Separated tenant namespace
icon: /logos/tenant.svg
type: application
-version: 1.7.0
+version: 1.9.0
diff --git a/packages/apps/tenant/README.md b/packages/apps/tenant/README.md
index 6e270636..f43db79a 100644
--- a/packages/apps/tenant/README.md
+++ b/packages/apps/tenant/README.md
@@ -50,11 +50,12 @@ tenant-u1
### Common parameters
-| Name | Description | Value |
-| ------------ | --------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `host` | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `""` |
-| `etcd` | Deploy own Etcd cluster | `false` |
-| `monitoring` | Deploy own Monitoring Stack | `false` |
-| `ingress` | Deploy own Ingress Controller | `false` |
-| `seaweedfs` | Deploy own SeaweedFS | `false` |
-| `isolated` | Enforce tenant namespace with network policies | `false` |
+| Name | Description | Value |
+| ---------------- | --------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `host` | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `""` |
+| `etcd` | Deploy own Etcd cluster | `false` |
+| `monitoring` | Deploy own Monitoring Stack | `false` |
+| `ingress` | Deploy own Ingress Controller | `false` |
+| `seaweedfs` | Deploy own SeaweedFS | `false` |
+| `isolated` | Enforce tenant namespace with network policies | `true` |
+| `resourceQuotas` | Define resource quotas for the tenant | `{}` |
diff --git a/packages/apps/tenant/templates/quota.yaml b/packages/apps/tenant/templates/quota.yaml
new file mode 100644
index 00000000..8daf0607
--- /dev/null
+++ b/packages/apps/tenant/templates/quota.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.resourceQuotas }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: tenant-quota
+ namespace: {{ include "tenant.name" . }}
+spec:
+ hard:
+ {{- toYaml .Values.resourceQuotas | nindent 4 }}
+{{- end }}
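Review bot: `resourceQuotas` is copied into `spec.hard` verbatim and the schema only requires an object, so a misspelled resource name is found only when the API server rejects the object. Also worth documenting: once the quota covers `requests.cpu`, `requests.memory`, `limits.cpu` or `limits.memory`, Kubernetes rejects at admission any pod in the namespace that does not declare that resource, so workloads deployed with `resourcesPreset: none` and no `resources` will fail in a tenant with a quota unless a LimitRange supplies defaults. Consider shipping a LimitRange alongside this template or stating the requirement in the README.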
diff --git a/packages/apps/tenant/values.schema.json b/packages/apps/tenant/values.schema.json
index 4d270ecd..8ffe458f 100644
--- a/packages/apps/tenant/values.schema.json
+++ b/packages/apps/tenant/values.schema.json
@@ -30,7 +30,12 @@
"isolated": {
"type": "boolean",
"description": "Enforce tenant namespace with network policies",
- "default": false
+ "default": true
+ },
+ "resourceQuotas": {
+ "type": "object",
+ "description": "Define resource quotas for the tenant",
+ "default": {}
}
}
}
\ No newline at end of file
diff --git a/packages/apps/tenant/values.yaml b/packages/apps/tenant/values.yaml
index ec4dcb18..4b3b5df9 100644
--- a/packages/apps/tenant/values.yaml
+++ b/packages/apps/tenant/values.yaml
@@ -6,9 +6,18 @@
## @param ingress Deploy own Ingress Controller
## @param seaweedfs Deploy own SeaweedFS
## @param isolated Enforce tenant namespace with network policies
+## @param resourceQuotas Define resource quotas for the tenant
host: ""
etcd: false
monitoring: false
ingress: false
seaweedfs: false
-isolated: false
+isolated: true
+resourceQuotas: {}
+# resourceQuotas:
+# requests.cpu: "1"
+# requests.memory: "1Gi"
+# limits.cpu: "2"
+# limits.memory: "2Gi"
+# requests.nvidia.com/gpu: 4
+# requests.storage: 100Gi
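Review bot: `isolated` flips from `false` to `true`. It is the safer default, but every existing tenant that never set the value will have network policies enforced on its namespace at the next upgrade, which can cut traffic that works today. This needs an upgrade note, and ideally a migration step that pins `isolated: false` on existing tenants so the new default applies to new ones only.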
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index cd962870..cfd912ab 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -6,13 +6,17 @@ clickhouse 0.3.0 b00621e
clickhouse 0.4.0 320fc32
clickhouse 0.5.0 2a4768a5
clickhouse 0.6.0 18bbdb67
-clickhouse 0.6.1 HEAD
+clickhouse 0.6.1 b7375f73
+clickhouse 0.6.2 425ce77f
+clickhouse 0.7.0 HEAD
ferretdb 0.1.0 4ffa8615
ferretdb 0.1.1 5ca8823
ferretdb 0.2.0 adaf603
ferretdb 0.3.0 aa2f553
ferretdb 0.4.0 def2eb0f
-ferretdb 0.4.1 HEAD
+ferretdb 0.4.1 a9555210
+ferretdb 0.4.2 425ce77f
+ferretdb 0.5.0 HEAD
http-cache 0.1.0 a956713
http-cache 0.2.0 5ca8823
http-cache 0.3.0 fab5940
@@ -24,7 +28,9 @@ kafka 0.2.2 d0758692
kafka 0.2.3 5ca8823
kafka 0.3.0 c07c4bbd
kafka 0.3.1 b7375f73
-kafka 0.3.2 HEAD
+kafka 0.3.2 b75aaf17
+kafka 0.3.3 425ce77f
+kafka 0.4.0 HEAD
kubernetes 0.1.0 f642698
kubernetes 0.2.0 7cd7de73
kubernetes 0.3.0 7caccec1
@@ -44,19 +50,25 @@ kubernetes 0.12.1 28fca4e
kubernetes 0.13.0 ced8e5b9
kubernetes 0.14.0 bfbde07c
kubernetes 0.14.1 fde4bcfa
-kubernetes 0.15.0 HEAD
+kubernetes 0.15.0 cb7b8158
+kubernetes 0.15.1 43e593c7
+kubernetes 0.15.2 HEAD
mysql 0.1.0 f642698
mysql 0.2.0 8b975ff0
mysql 0.3.0 5ca8823
mysql 0.4.0 93018c4
mysql 0.5.0 4b84798
mysql 0.5.1 fab5940b
-mysql 0.5.2 HEAD
+mysql 0.5.2 d8a92aa3
+mysql 0.5.3 425ce77f
+mysql 0.6.0 HEAD
nats 0.1.0 5ca8823
nats 0.2.0 c07c4bbd
nats 0.3.0 78366f19
nats 0.3.1 b7375f73
-nats 0.4.0 HEAD
+nats 0.4.0 da1e705a
+nats 0.4.1 425ce77f
+nats 0.5.0 HEAD
postgres 0.1.0 f642698
postgres 0.2.0 7cd7de73
postgres 0.2.1 4a97e297
@@ -68,20 +80,25 @@ postgres 0.6.0 2a4768a
postgres 0.6.2 54fd61c
postgres 0.7.0 dc9d8bb
postgres 0.7.1 175a65f
-postgres 0.8.0 HEAD
+postgres 0.8.0 cb7b8158
+postgres 0.9.0 160e4e2a
+postgres 0.10.0 HEAD
rabbitmq 0.1.0 f642698
rabbitmq 0.2.0 5ca8823
rabbitmq 0.3.0 9e33dc0
rabbitmq 0.4.0 36d8855
rabbitmq 0.4.1 35536bb
rabbitmq 0.4.2 00b2834e
-rabbitmq 0.4.3 HEAD
+rabbitmq 0.4.3 d8a92aa3
+rabbitmq 0.4.4 425ce77f
+rabbitmq 0.5.0 HEAD
redis 0.1.1 f642698
redis 0.2.0 5ca8823
redis 0.3.0 c07c4bbd
redis 0.3.1 b7375f73
redis 0.4.0 abc8f082
-redis 0.5.0 HEAD
+redis 0.5.0 0e728870
+redis 0.6.0 HEAD
tcp-balancer 0.1.0 f642698
tcp-balancer 0.2.0 HEAD
tenant 0.1.3 3d1b86c
@@ -103,7 +120,9 @@ tenant 1.6.5 f1e11451
tenant 1.6.6 d4634797
tenant 1.6.7 06afcf27
tenant 1.6.8 4cc48e6f
-tenant 1.7.0 HEAD
+tenant 1.7.0 6c73e3f3
+tenant 1.8.0 e2369ba
+tenant 1.9.0 HEAD
virtual-machine 0.1.4 f2015d6
virtual-machine 0.1.5 7cd7de7
virtual-machine 0.2.0 5ca8823
@@ -111,10 +130,12 @@ virtual-machine 0.3.0 b908400
virtual-machine 0.4.0 4746d51
virtual-machine 0.5.0 cad9cde
virtual-machine 0.6.0 0e728870
+virtual-machine 0.6.1 af58018a
virtual-machine 0.7.0 af58018a
virtual-machine 0.7.1 05857b95
virtual-machine 0.8.0 3fa4dd3
-virtual-machine 0.8.1 HEAD
+virtual-machine 0.8.1 3fa4dd3a
+virtual-machine 0.8.2 HEAD
vm-disk 0.1.0 HEAD
vm-instance 0.1.0 ced8e5b9
vm-instance 0.2.0 4f767ee3
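Review bot: two new pins in this hunk resolve to a commit already used by a neighbouring version: `virtual-machine 0.6.1 af58018a` shares its hash with 0.7.0, and `0.8.1 3fa4dd3a` looks like the same commit as `0.8.0 3fa4dd3` written with one more digit. If each line identifies the tree a chart version is rebuilt from, two versions on one commit cannot produce different charts; please confirm these are intended. Using one hash length throughout the file would also make such cases easier to spot.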
diff --git a/packages/apps/virtual-machine/Chart.yaml b/packages/apps/virtual-machine/Chart.yaml
index dedc9df0..22fb1c8c 100644
--- a/packages/apps/virtual-machine/Chart.yaml
+++ b/packages/apps/virtual-machine/Chart.yaml
@@ -17,10 +17,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.8.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "0.8.1"
+appVersion: "0.8.2"
diff --git a/packages/apps/virtual-machine/Makefile b/packages/apps/virtual-machine/Makefile
index e1bc3a91..567a3813 100644
--- a/packages/apps/virtual-machine/Makefile
+++ b/packages/apps/virtual-machine/Makefile
@@ -8,4 +8,4 @@ generate:
&& yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
- yq -i -o json '.properties.externalMethod.enum = ["wholeIP", "PortList"]' values.schema.json
+ yq -i -o json '.properties.externalMethod.enum = ["WholeIP", "PortList"]' values.schema.json
diff --git a/packages/apps/virtual-machine/values.schema.json b/packages/apps/virtual-machine/values.schema.json
index d2c53544..02b60675 100644
--- a/packages/apps/virtual-machine/values.schema.json
+++ b/packages/apps/virtual-machine/values.schema.json
@@ -12,7 +12,7 @@
"description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
"default": "WholeIP",
"enum": [
- "wholeIP",
+ "WholeIP",
"PortList"
]
},
diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile
index 8dd276af..31cca9a9 100644
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -28,16 +28,17 @@ image-cozystack: run-builder
make -C ../../.. repos
docker buildx build -f images/cozystack/Dockerfile ../../.. \
--provenance false \
- --tag $(REGISTRY)/cozystack:$(call settag,$(TAG)) \
- --cache-from type=registry,ref=$(REGISTRY)/cozystack:latest \
+ --tag $(REGISTRY)/installer:$(call settag,$(TAG)) \
+ --cache-from type=registry,ref=$(REGISTRY)/installer:latest \
--platform linux/amd64 \
--cache-to type=inline \
- --metadata-file images/cozystack.json \
+ --metadata-file images/installer.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
- IMAGE="$(REGISTRY)/cozystack:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/cozystack.json -o json -r)" \
+ IMAGE="$(REGISTRY)/installer:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/installer.json -o json -r)" \
yq -i '.cozystack.image = strenv(IMAGE)' values.yaml
- rm -f images/cozystack.json
+ rm -f images/installer.json
image-talos: run-builder
test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
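Review bot: the build keeps `--provenance false` while adding the `org.opencontainers.image.source` label. The label is self-declared metadata that any build can set, so it links the package to the repository but says nothing verifiable about where the image was built; if traceability is the goal, consider enabling provenance attestations as well. Also, with the image renamed from `cozystack` to `installer`, `--cache-from ... installer:latest` has nothing to pull on the first build, and any consumer still referencing `$(REGISTRY)/cozystack` will stop receiving updates, so the rename should be called out in the release notes.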
@@ -54,6 +55,7 @@ image-matchbox: run-builder
--cache-to type=inline \
--metadata-file images/matchbox.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \
> ../../extra/bootbox/images/matchbox.tag
diff --git a/packages/core/installer/templates/cozystack.yaml b/packages/core/installer/templates/cozystack.yaml
index 98d48e41..10ebdc1f 100644
--- a/packages/core/installer/templates/cozystack.yaml
+++ b/packages/core/installer/templates/cozystack.yaml
@@ -4,6 +4,7 @@ kind: Namespace
metadata:
name: cozy-system
labels:
+ cozystack.io/system: "true"
pod-security.kubernetes.io/enforce: privileged
---
apiVersion: v1
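Review bot: `cozystack.io/system: "true"` is added without anything in this hunk saying what selects on it. Since it sits on a namespace that enforces the `privileged` pod security level, please document the consumer (webhook namespaceSelector, network policy, or other), and if the label grants an exemption, make sure tenants cannot set it on their own namespaces.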
diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml
index 516ba171..c3b3f641 100644
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
cozystack:
- image: ghcr.io/aenix-io/cozystack/cozystack:v0.25.2@sha256:5b70cd5a01d1c32f9072e37d3f5ae91f2a52516ff11dd25325c7da7ddba73c8b
+ image: ghcr.io/cozystack/cozystack/installer:v0.28.0@sha256:71ae2037ca44d49bbcf8be56c127ee92f2486089a8ea1cdd6508af49705956ac
diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml
index 0c1ad6de..d44eb3df 100644
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -174,7 +174,7 @@ releases:
chart: cozy-linstor
namespace: cozy-linstor
privileged: true
- dependsOn: [piraeus-operator,cilium,cert-manager]
+ dependsOn: [piraeus-operator,cilium,cert-manager,snapshot-controller]
- name: telepresence
releaseName: traffic-manager
diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml
index fdf0db75..cd9cb806 100644
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -50,6 +50,13 @@ releases:
SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
+- name: kubeovn-webhook
+ releaseName: kubeovn-webhook
+ chart: cozy-kubeovn-webhook
+ namespace: cozy-kubeovn
+ privileged: true
+ dependsOn: [cilium,kubeovn,cert-manager]
+
- name: cozy-proxy
releaseName: cozystack
chart: cozy-cozy-proxy
@@ -205,7 +212,7 @@ releases:
chart: cozy-linstor
namespace: cozy-linstor
privileged: true
- dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager]
+ dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager,snapshot-controller]
- name: snapshot-controller
releaseName: snapshot-controller
@@ -246,19 +253,14 @@ releases:
{{- end }}
{{- end }}
dashboard:
- image:
- registry: ghcr.io/aenix-io/cozystack
- repository: dashboard
- tag: v0.25.0
- digest: "sha256:81e7b625c667bce5fc339eb97c8e115eafb82f66df4501550b3677ac53f6e234"
- {{- $wlConfigmap := lookup "v1" "ConfigMap" "cozy-dashboard" "white-label" }}
- {{- $locale := dig "data" "locale" "" $wlConfigmap }}
- {{- if $locale }}
+ {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
+ {{- $branding := dig "data" "branding" "" $cozystackBranding }}
+ {{- if $branding }}
customLocale:
- "Kubeapps": {{ $locale }}
+ "Kubeapps": {{ $branding }}
{{- end }}
customStyle: |
- {{- $logoImage := dig "data" "logo" "" $wlConfigmap }}
+ {{- $logoImage := dig "data" "logo" "" $cozystackBranding }}
{{- if $logoImage }}
.kubeapps-logo {
background-image: {{ $logoImage }}
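Review bot: the branding lookup now reads `cozystack-branding` in `cozy-system` with key `branding`, and nothing in this hunk falls back to the old `white-label` ConfigMap in `cozy-dashboard` or its `locale` key, so an existing installation loses its custom locale and logo on upgrade without any message. Either keep a fallback lookup for one release or call out the move in the upgrade notes. Minor style point on the first added line: `$cozystackBranding:=` is missing the space before `:=` that the other assignments use.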
@@ -364,3 +366,17 @@ releases:
cozystack:
configHash: {{ $cozyConfig | toJson | sha256sum }}
{{- end }}
+
+- name: goldpinger
+ releaseName: goldpinger
+ chart: cozy-goldpinger
+ namespace: cozy-goldpinger
+ privileged: true
+ dependsOn: [monitoring-agents]
+
+- name: vertical-pod-autoscaler
+ releaseName: vertical-pod-autoscaler
+ chart: cozy-vertical-pod-autoscaler
+ namespace: cozy-vertical-pod-autoscaler
+ privileged: true
+ dependsOn: [monitoring-agents]
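Review bot: both new releases, `goldpinger` and `vertical-pod-autoscaler`, are added with `privileged: true`, and nothing in the hunk says why. If this flag relaxes pod security for the release namespace in the same way the `pod-security.kubernetes.io/enforce: privileged` label does for `cozy-system`, please confirm each chart actually needs it, and drop the flag where it does not so the namespace keeps the stricter default. The same applies to the identical block added to `paas-hosted.yaml`.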
diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml
index 4185fc16..42ea63a9 100644
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -169,19 +169,14 @@ releases:
{{- end }}
{{- end }}
dashboard:
- image:
- registry: ghcr.io/aenix-io/cozystack
- repository: dashboard
- tag: v0.25.0
- digest: "sha256:81e7b625c667bce5fc339eb97c8e115eafb82f66df4501550b3677ac53f6e234"
- {{- $wlConfigmap := lookup "v1" "ConfigMap" "cozy-dashboard" "white-label" }}
- {{- $locale := dig "data" "locale" "" $wlConfigmap }}
- {{- if $locale }}
+ {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
+ {{- $branding := dig "data" "branding" "" $cozystackBranding }}
+ {{- if $branding }}
customLocale:
- "Kubeapps": {{ $locale }}
+ "Kubeapps": {{ $branding }}
{{- end }}
customStyle: |
- {{- $logoImage := dig "data" "logo" "" $wlConfigmap }}
+ {{- $logoImage := dig "data" "logo" "" $cozystackBranding }}
{{- if $logoImage }}
.kubeapps-logo {
background-image: {{ $logoImage }}
@@ -245,3 +240,17 @@ releases:
cozystack:
configHash: {{ $cozyConfig | toJson | sha256sum }}
{{- end }}
+
+- name: goldpinger
+ releaseName: goldpinger
+ chart: cozy-goldpinger
+ namespace: cozy-goldpinger
+ privileged: true
+ dependsOn: [monitoring-agents]
+
+- name: vertical-pod-autoscaler
+ releaseName: vertical-pod-autoscaler
+ chart: cozy-vertical-pod-autoscaler
+ namespace: cozy-vertical-pod-autoscaler
+ privileged: true
+ dependsOn: [monitoring-agents]
diff --git a/packages/core/testing/Makefile b/packages/core/testing/Makefile
index f8f3e5c6..861f9a96 100755
--- a/packages/core/testing/Makefile
+++ b/packages/core/testing/Makefile
@@ -28,6 +28,7 @@ image-e2e-sandbox:
--cache-to type=inline \
--metadata-file images/e2e-sandbox.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
IMAGE="$(REGISTRY)/e2e-sandbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/e2e-sandbox.json -o json -r)" \
yq -i '.e2e.image = strenv(IMAGE)' values.yaml
diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml
index 61b5756b..4b4eda1a 100755
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
e2e:
- image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.25.2@sha256:3c505ef20030ee4ff9412553c7ecc2077c01fb2785ff48991c404e09cd0db69f
+ image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.28.0@sha256:bb5e8f5d92e2e4305ea1cc7f007b3e98769645ab845f632b4788b9373cd207eb
diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag
index e8fe34b8..7bb3bb2d 100644
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/matchbox:v0.25.2@sha256:32350617412bf29d4a8f29364e95f9814506522f98d31acab0ab19967613eef7
+ghcr.io/cozystack/cozystack/matchbox:v0.28.0@sha256:b2002815727b71e2657a6f5b8ed558cc38fc21e81a39b9699266e558be03561f
diff --git a/packages/extra/etcd/Chart.yaml b/packages/extra/etcd/Chart.yaml
index e5182043..75f070fc 100644
--- a/packages/extra/etcd/Chart.yaml
+++ b/packages/extra/etcd/Chart.yaml
@@ -3,4 +3,4 @@ name: etcd
description: Storage for Kubernetes clusters
icon: /logos/etcd.svg
type: application
-version: 2.5.0
+version: 2.6.1
diff --git a/packages/extra/etcd/templates/etcd-cluster.yaml b/packages/extra/etcd/templates/etcd-cluster.yaml
index 6bc7cedb..a31520fa 100644
--- a/packages/extra/etcd/templates/etcd-cluster.yaml
+++ b/packages/extra/etcd/templates/etcd-cluster.yaml
@@ -73,11 +73,12 @@ spec:
- "key encipherment"
- "cert sign"
commonName: etcd-peer-ca
+ duration: 87600h
subject:
organizations:
- - ACME Inc.
+ - {{ .Release.Namespace }}
organizationalUnits:
- - Widgets
+ - {{ .Release.Name }}
secretName: etcd-peer-ca-tls
privateKey:
algorithm: RSA
@@ -98,11 +99,12 @@ spec:
- "key encipherment"
- "cert sign"
commonName: etcd-ca
+ duration: 87600h
subject:
organizations:
- - ACME Inc.
+ - {{ .Release.Namespace }}
organizationalUnits:
- - Widgets
+ - {{ .Release.Name }}
secretName: etcd-ca-tls
privateKey:
algorithm: RSA
@@ -133,9 +135,16 @@ kind: Certificate
metadata:
name: etcd-server
spec:
+ commonName: etcd-server
secretName: etcd-server-tls
+ subject:
+ organizations:
+ - {{ .Release.Namespace }}
+ organizationalUnits:
+ - {{ .Release.Name }}
isCA: false
usages:
+ - "client auth"
- "server auth"
- "signing"
- "key encipherment"
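Review bot: `client auth` is added to the usages of the `etcd-server` certificate with no comment explaining what needs it. A serving certificate that is also valid for client authentication can be presented to etcd as a client identity under the new `commonName: etcd-server`, so please document which component requires this usage, or issue a separate client certificate for that component if it is not etcd itself.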
@@ -146,6 +155,7 @@ spec:
- etcd-{{ $i }}.etcd-headless.{{ $.Release.Namespace }}.svc
{{- end }}
- localhost
+ ipAddresses:
- "127.0.0.1"
privateKey:
rotationPolicy: Always
@@ -159,7 +169,13 @@ kind: Certificate
metadata:
name: etcd-peer
spec:
+ commonName: etcd-peer
secretName: etcd-peer-tls
+ subject:
+ organizations:
+ - {{ .Release.Namespace }}
+ organizationalUnits:
+ - {{ .Release.Name }}
isCA: false
usages:
- "server auth"
@@ -173,6 +189,7 @@ spec:
- etcd-{{ $i }}.etcd-headless.{{ $.Release.Namespace }}.svc
{{- end }}
- localhost
+ ipAddresses:
- "127.0.0.1"
privateKey:
rotationPolicy: Always
@@ -188,6 +205,11 @@ metadata:
spec:
commonName: root
secretName: etcd-client-tls
+ subject:
+ organizations:
+ - {{ .Release.Namespace }}
+ organizationalUnits:
+ - {{ .Release.Name }}
usages:
- "signing"
- "key encipherment"
diff --git a/packages/extra/etcd/templates/hook/job.yaml b/packages/extra/etcd/templates/hook/job.yaml
new file mode 100644
index 00000000..1a93e6f2
--- /dev/null
+++ b/packages/extra/etcd/templates/hook/job.yaml
@@ -0,0 +1,39 @@
+{{- $shouldUpdateCerts := true }}
+{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace "etcd-deployed-version" }}
+{{- if $configMap }}
+ {{- $deployedVersion := index $configMap "data" "version" }}
+ {{- if $deployedVersion | semverCompare ">= 2.6.1" }}
+ {{- $shouldUpdateCerts = false }}
+ {{- end }}
+{{- end }}
+
+{{- if $shouldUpdateCerts }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: etcd-hook
+ annotations:
+ helm.sh/hook: post-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+ policy.cozystack.io/allow-to-apiserver: "true"
+ spec:
+ serviceAccountName: etcd-hook
+ containers:
+ - name: kubectl
+ image: bitnami/kubectl:latest
+ command:
+ - sh
+ args:
+ - -exc
+ - |-
+ kubectl --namespace={{ .Release.Namespace }} delete secrets etcd-ca-tls etcd-peer-ca-tls
+ sleep 10
+ kubectl --namespace={{ .Release.Namespace }} delete secrets etcd-client-tls etcd-peer-tls etcd-server-tls
+ kubectl --namespace={{ .Release.Namespace }} delete pods --selector=app.kubernetes.io/instance=etcd,app.kubernetes.io/managed-by=etcd-operator,app.kubernetes.io/name=etcd,cozystack.io/service=etcd
+ restartPolicy: Never
+{{- end }}
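Review bot: the hook container uses `image: bitnami/kubectl:latest`, a mutable tag from a third-party repository, while running under a service account that can delete secrets and pods in the release namespace. Every other image touched by this patch is pinned as `tag@sha256:...`; pin this one the same way so that what runs during an upgrade is reproducible and reviewable. Separately, `sleep 10` between deleting the CA secrets and the leaf secrets is a timing assumption about how fast the CAs are reissued; waiting on the new CA secret to exist (or on the Certificate becoming Ready) would make the ordering explicit.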
diff --git a/packages/extra/etcd/templates/hook/role.yaml b/packages/extra/etcd/templates/hook/role.yaml
new file mode 100644
index 00000000..327eeadb
--- /dev/null
+++ b/packages/extra/etcd/templates/hook/role.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations:
+ helm.sh/hook: post-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ name: etcd-hook
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
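Review bot: the first rule grants `get`, `list`, `watch` and `delete` on every secret and pod in the namespace, but the Job in this patch only deletes five named secrets and the etcd pods. Split secrets into their own rule and restrict it with `resourceNames` to `etcd-ca-tls`, `etcd-peer-ca-tls`, `etcd-client-tls`, `etcd-peer-tls` and `etcd-server-tls`, so the hook pod cannot read or remove unrelated secrets. The `configmaps` rule also looks unused: the `etcd-deployed-version` lookup in `job.yaml` is evaluated by Helm at render time, not by this service account, and the Job script never touches a ConfigMap.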
diff --git a/packages/extra/etcd/templates/hook/rolebinding.yaml b/packages/extra/etcd/templates/hook/rolebinding.yaml
new file mode 100644
index 00000000..0ee0ffd1
--- /dev/null
+++ b/packages/extra/etcd/templates/hook/rolebinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: etcd-hook
+ annotations:
+ helm.sh/hook: post-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: etcd-hook
+subjects:
+ - kind: ServiceAccount
+ name: etcd-hook
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/packages/extra/etcd/templates/hook/serviceaccount.yaml b/packages/extra/etcd/templates/hook/serviceaccount.yaml
new file mode 100644
index 00000000..552fb5fc
--- /dev/null
+++ b/packages/extra/etcd/templates/hook/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: etcd-hook
+ annotations:
+ helm.sh/hook: post-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
diff --git a/packages/extra/etcd/templates/version.yaml b/packages/extra/etcd/templates/version.yaml
new file mode 100644
index 00000000..cc9375bb
--- /dev/null
+++ b/packages/extra/etcd/templates/version.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: etcd-deployed-version
+data:
+ version: {{ .Chart.Version }}
diff --git a/packages/extra/etcd/values.schema.json b/packages/extra/etcd/values.schema.json
index d6520a2e..0582e97c 100644
--- a/packages/extra/etcd/values.schema.json
+++ b/packages/extra/etcd/values.schema.json
@@ -18,4 +18,4 @@
"default": 3
}
}
-}
\ No newline at end of file
+}
diff --git a/packages/extra/info/logos/info.svg b/packages/extra/info/logos/info.svg
index c5edee82..6c46ad24 100644
--- a/packages/extra/info/logos/info.svg
+++ b/packages/extra/info/logos/info.svg
@@ -1,13 +1,15 @@
-
-
-
-
\ No newline at end of file
+
diff --git a/packages/extra/monitoring/Chart.yaml b/packages/extra/monitoring/Chart.yaml
index 008ee605..8d40963c 100644
--- a/packages/extra/monitoring/Chart.yaml
+++ b/packages/extra/monitoring/Chart.yaml
@@ -3,4 +3,4 @@ name: monitoring
description: Monitoring and observability stack
icon: /logos/monitoring.svg
type: application
-version: 1.8.0
+version: 1.9.0
diff --git a/packages/extra/monitoring/Makefile b/packages/extra/monitoring/Makefile
index c7ad388e..dd5b4386 100644
--- a/packages/extra/monitoring/Makefile
+++ b/packages/extra/monitoring/Makefile
@@ -20,6 +20,7 @@ image:
--cache-to type=inline \
--metadata-file images/grafana.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/grafana:$(call settag,$(GRAFANA_TAG))@$$(yq e '."containerimage.digest"' images/grafana.json -o json -r)" \
> images/grafana.tag
diff --git a/packages/extra/monitoring/dashboards.list b/packages/extra/monitoring/dashboards.list
index 0de7bfd6..dec05cf5 100644
--- a/packages/extra/monitoring/dashboards.list
+++ b/packages/extra/monitoring/dashboards.list
@@ -35,3 +35,6 @@ kubevirt/kubevirt-control-plane
flux/flux-control-plane
flux/flux-stats
kafka/strimzi-kafka
+goldpinger/goldpinger
+clickhouse/altinity-clickhouse-operator-dashboard
+storage/linstor
\ No newline at end of file
diff --git a/packages/extra/monitoring/images/grafana.tag b/packages/extra/monitoring/images/grafana.tag
index 6c2e9856..e00d6954 100644
--- a/packages/extra/monitoring/images/grafana.tag
+++ b/packages/extra/monitoring/images/grafana.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/grafana:1.8.0@sha256:0377abd3cb2c6e27b12ac297f1859aa4d550f1aa14989f824f2315d0dfd1a5b2
+ghcr.io/cozystack/cozystack/grafana:1.9.0@sha256:a492931b49af55ad184b485bcd7ea06f1334722d2184702d9f6f2e4123032357
diff --git a/packages/extra/monitoring/templates/alerta/alerta-db.yaml b/packages/extra/monitoring/templates/alerta/alerta-db.yaml
index 397d554b..5f6b3293 100644
--- a/packages/extra/monitoring/templates/alerta/alerta-db.yaml
+++ b/packages/extra/monitoring/templates/alerta/alerta-db.yaml
@@ -5,6 +5,13 @@ metadata:
name: alerta-db
spec:
instances: 2
+ {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+ {{- if $configMap }}
+ {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+ {{- if $rawConstraints }}
+ {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
storage:
size: {{ required ".Values.alerta.storage is required" .Values.alerta.storage }}
{{- with .Values.alerta.storageClassName }}
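Review bot: the parsed value of `globalAppTopologySpreadConstraints` is rendered directly under `spec` by `fromYaml | toYaml | nindent 2`, so every top-level key stored in that ConfigMap entry becomes a field of this database spec, not only spread constraints. Helm's `fromYaml` also does not fail on malformed input; it returns a map with an `Error` key, which would then be emitted into the manifest. Consider extracting only the expected key from the parsed map and calling `fail` when `Error` is present. The same block is added to `grafana/db.yaml`, so a shared named template would keep the two copies consistent.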
diff --git a/packages/extra/monitoring/templates/grafana/db.yaml b/packages/extra/monitoring/templates/grafana/db.yaml
index 1e05a4f7..f8a7a9fb 100644
--- a/packages/extra/monitoring/templates/grafana/db.yaml
+++ b/packages/extra/monitoring/templates/grafana/db.yaml
@@ -6,7 +6,13 @@ spec:
instances: 2
storage:
size: {{ .Values.grafana.db.size }}
-
+ {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+ {{- if $configMap }}
+ {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+ {{- if $rawConstraints }}
+ {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
monitoring:
enablePodMonitor: true
diff --git a/packages/extra/monitoring/templates/vm/vmcluster.yaml b/packages/extra/monitoring/templates/vm/vmcluster.yaml
index 19e2f610..93b21fc3 100644
--- a/packages/extra/monitoring/templates/vm/vmcluster.yaml
+++ b/packages/extra/monitoring/templates/vm/vmcluster.yaml
@@ -8,29 +8,32 @@ spec:
replicationFactor: 2
retentionPeriod: {{ .retentionPeriod | quote }}
vminsert:
+ extraArgs:
+ # kubevirt and other systems produce a lot of labels
+ # it's usually more than default 30
+ maxLabelsPerTimeseries: "60"
replicaCount: 2
resources:
- {{- if and (hasKey . "vminsert") (hasKey .vminsert "resources") }}
- {{- toYaml .vminsert.resources | nindent 6 }}
- {{- else }}
limits:
- memory: 1000Mi
+ {{- with . | dig "vminsert" "resources" "limits" "cpu" nil }}
+ cpu: {{ . | quote }}
+ {{- end }}
+ memory: {{ . | dig "vminsert" "resources" "limits" "memory" "1000Mi" }}
requests:
- cpu: 100m
- memory: 500Mi
- {{- end }}
+ cpu: {{ . | dig "vminsert" "resources" "requests" "cpu" "500m" }}
+ memory: {{ . | dig "vminsert" "resources" "requests" "memory" "500Mi" }}
vmselect:
replicaCount: 2
resources:
- {{- if and (hasKey . "vmselect") (hasKey .vmselect "resources") }}
- {{- toYaml .vmselect.resources | nindent 6 }}
- {{- else }}
limits:
- memory: 1000Mi
+ # if we don't set the cpu limit, victoriametrics-operator will set 500m here, which is ridiculous small
+ # see internal/config/config.go in victoriametrics-operator
+ # 2 vcpu is the bare minimum for **single** Grafana user
+ cpu: {{ . | dig "vmselect" "resources" "limits" "cpu" "2000m" }}
+ memory: {{ . | dig "vmselect" "resources" "limits" "memory" "1000Mi" }}
requests:
- cpu: 100m
- memory: 500Mi
- {{- end }}
+ cpu: {{ . | dig "vmselect" "resources" "requests" "cpu" "500m" }}
+ memory: {{ . | dig "vmselect" "resources" "requests" "memory" "500Mi" }}
extraArgs:
search.maxUniqueTimeseries: "600000"
vmalert.proxyURL: http://vmalert-{{ .name }}.{{ $.Release.Namespace }}.svc:8080
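Review bot: in the `vminsert` and `vmselect` blocks the default `requests.cpu` is now `500m` and is chosen independently of `limits.cpu`, so a user value such as `limits.cpu: 250m` with no explicit request renders a request above the limit and the pod spec becomes invalid. Derive the request default from the configured limit, or validate the pair with `fail`. Two related points: the previous `toYaml .vminsert.resources` passthrough is gone, so any key other than cpu and memory that users set under `resources` is now silently ignored, and the jump of the default CPU request from `100m` to `500m` per replica is not mentioned in a comment the way the `vmselect` limit is.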
@@ -48,15 +51,14 @@ spec:
vmstorage:
replicaCount: 2
resources:
- {{- if and (hasKey . "vmstorage") (hasKey .vmstorage "resources") }}
- {{- toYaml .vmstorage.resources | nindent 6 }}
- {{- else }}
limits:
- memory: 2048Mi
+ {{- with . | dig "vmstorage" "resources" "limits" "cpu" nil }}
+ cpu: {{ . | quote }}
+ {{- end }}
+ memory: {{ . | dig "vmstorage" "resources" "limits" "memory" "2048Mi" }}
requests:
- cpu: 100m
- memory: 500Mi
- {{- end }}
+ cpu: {{ . | dig "vmstorage" "resources" "requests" "cpu" "100m" }}
+ memory: {{ . | dig "vmstorage" "resources" "requests" "memory" "500Mi" }}
storage:
volumeClaimTemplate:
spec:
diff --git a/packages/extra/monitoring/templates/vpa.yaml b/packages/extra/monitoring/templates/vpa.yaml
new file mode 100644
index 00000000..640f7a5b
--- /dev/null
+++ b/packages/extra/monitoring/templates/vpa.yaml
@@ -0,0 +1,62 @@
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: vpa-vminsert
+spec:
+ targetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: vminsert-shortterm
+ updatePolicy:
+ updateMode: Auto
+ resourcePolicy:
+ containerPolicies:
+ - containerName: vminsert
+ minAllowed:
+ cpu: 250m
+ memory: 256Mi
+ maxAllowed:
+ cpu: 2000m
+ memory: 4Gi
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: vpa-vmselect
+spec:
+ targetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: vmselect-shortterm
+ updatePolicy:
+ updateMode: Auto
+ resourcePolicy:
+ containerPolicies:
+ - containerName: vmselect
+ minAllowed:
+ cpu: 250m
+ memory: 256Mi
+ maxAllowed:
+ cpu: 4000m
+ memory: 8Gi
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: vpa-vmstorage
+spec:
+ targetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: vmstorage-shortterm
+ updatePolicy:
+ updateMode: Auto
+ resourcePolicy:
+ containerPolicies:
+ - containerName: vmstorage
+ minAllowed:
+ cpu: 100m
+ memory: 512Mi
+ maxAllowed:
+ cpu: 4000m
+ memory: 8Gi
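Review bot: all three `targetRef` names are hardcoded to the `-shortterm` instance, while `vmcluster.yaml` in this same patch builds its names from `{{ .name }}`, so any other configured storage instance gets no autoscaler and renaming the instance leaves these objects pointing at nothing. Generate the VPA objects from the same list that drives `vmcluster.yaml`. The template is also unconditional: on a cluster where the `autoscaling.k8s.io/v1` API is not installed the whole chart fails to apply, so a guard such as `.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1"` or a values toggle would be safer. Please also note in a comment how `updateMode: Auto` is expected to interact with the static requests and limits set in `vmcluster.yaml`.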
diff --git a/packages/extra/versions_map b/packages/extra/versions_map
index bc18c57e..13cc268a 100644
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -6,7 +6,9 @@ etcd 2.1.0 2b00fcf8
etcd 2.2.0 5ca8823
etcd 2.3.0 b908400d
etcd 2.4.0 cb7b8158
-etcd 2.5.0 HEAD
+etcd 2.5.0 861e6c46
+etcd 2.6.0 a7425b0
+etcd 2.6.1 HEAD
info 1.0.0 HEAD
ingress 1.0.0 f642698
ingress 1.1.0 838bee5d
@@ -27,7 +29,9 @@ monitoring 1.5.4 d4634797
monitoring 1.6.0 cb7b8158
monitoring 1.6.1 3bb97596
monitoring 1.7.0 749110aa
-monitoring 1.8.0 HEAD
+monitoring 1.8.0 80b4c151
+monitoring 1.8.1 06daf341
+monitoring 1.9.0 HEAD
seaweedfs 0.1.0 5ca8823
seaweedfs 0.2.0 9e33dc0
seaweedfs 0.2.1 249bf35
diff --git a/packages/system/bucket/Makefile b/packages/system/bucket/Makefile
index 98f49ec6..125e2e98 100644
--- a/packages/system/bucket/Makefile
+++ b/packages/system/bucket/Makefile
@@ -19,6 +19,7 @@ image-s3manager:
--cache-to type=inline \
--metadata-file images/s3manager.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
echo "$(REGISTRY)/s3manager:$(call settag,$(S3MANAGER_TAG))@$$(yq e '."containerimage.digest"' images/s3manager.json -o json -r)" \
> images/s3manager.tag
diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag
index 04bfdc4b..e6203bbc 100644
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:e50aecd2158490cb383cef28b8b066aef847782cd826b161fccd91c928fcb500
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:218d0c017ae556e5afd074366d9a3124f954c5aefc6474844942420cca8b7640
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
index b9b994bb..c92910f0 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.17.0
description: Cluster API Operator
name: cluster-api-operator
type: application
-version: 0.11.0
+version: 0.17.0
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
index 9095368c..c571b60a 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
name: {{ $addonName }}
namespace: {{ $addonNamespace }}
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- if or $addonVersion $.Values.secretName }}
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
index a1634ee8..69a930f2 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
name: {{ $bootstrapNamespace }}
---
@@ -36,7 +36,7 @@ metadata:
name: {{ $bootstrapName }}
namespace: {{ $bootstrapNamespace }}
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
{{- if or $bootstrapVersion $.Values.configSecret.name }}
spec:
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
index b7cec76d..40bda081 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
name: {{ $controlPlaneNamespace }}
---
@@ -36,14 +36,27 @@ metadata:
name: {{ $controlPlaneName }}
namespace: {{ $controlPlaneNamespace }}
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
-{{- if or $controlPlaneVersion $.Values.configSecret.name }}
+{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $controlPlaneVersion }}
version: {{ $controlPlaneVersion }}
{{- end }}
+{{- if $.Values.manager }}
+{{- if hasKey $.Values.manager.featureGates $controlPlaneName }}
+ manager:
+{{- range $key, $value := $.Values.manager.featureGates }}
+ {{- if eq $key $controlPlaneName }}
+ featureGates:
+ {{- range $k, $v := $value }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}
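Review bot: `hasKey $.Values.manager.featureGates $controlPlaneName` is evaluated whenever `$.Values.manager` is set, without first checking that `featureGates` exists, so a `manager` value that carries no `featureGates` map can break the render. The `infra-conditions.yaml` change in this patch guards the same access with `and $.Values.manager.featureGates ...`; use the same pattern here. Also, `spec:` is now opened whenever `$.Values.manager` is truthy, even when no version, feature gate or config secret follows, which leaves an empty `spec:` key in the output. The inner `range` with `if eq $key $controlPlaneName` can be replaced by a direct `index` on the map.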
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml
index 7bba5953..bb396a24 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -6,7 +6,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
name: capi-system
---
@@ -16,7 +16,7 @@ metadata:
name: cluster-api
namespace: capi-system
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
{{- with .Values.configSecret }}
spec:
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
index 013a2ef0..8f993496 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
@@ -25,7 +25,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
name: {{ $coreNamespace }}
---
@@ -35,10 +35,10 @@ metadata:
name: {{ $coreName }}
namespace: {{ $coreNamespace }}
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
-{{- if or $coreVersion $.Values.configSecret.name }}
+{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $coreVersion }}
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml
index 0b4c0916..598d85c8 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml
@@ -47,6 +47,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
+ serviceAccountName: capi-operator-manager
+ automountServiceAccountToken: true
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
@@ -63,15 +65,15 @@ spec:
{{- if .Values.healthAddr }}
- --health-addr={{ .Values.healthAddr }}
{{- end }}
- {{- if .Values.metricsBindAddr }}
- - --metrics-bind-addr={{ .Values.metricsBindAddr }}
- {{- end }}
{{- if .Values.diagnosticsAddress }}
- --diagnostics-address={{ .Values.diagnosticsAddress }}
{{- end }}
{{- if .Values.insecureDiagnostics }}
- --insecure-diagnostics={{ .Values.insecureDiagnostics }}
{{- end }}
+ {{- if .Values.watchConfigSecret }}
+ - --watch-configsecret
+ {{- end }}
{{- with .Values.leaderElection }}
- --leader-elect={{ .enabled }}
{{- if .leaseDuration }}
@@ -95,9 +97,15 @@ spec:
- containerPort: 9443
name: webhook-server
protocol: TCP
- - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
+ {{- if $.Values.diagnosticsAddress }}
+ {{- $diagnosticsPort := $.Values.diagnosticsAddress }}
+ {{- if contains ":" $diagnosticsPort -}}
+ {{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }}
+ {{- end }}
+ - containerPort: {{ $diagnosticsPort | int }}
name: metrics
protocol: TCP
+ {{- end }}
{{- with .Values.resources.manager }}
resources:
{{- toYaml . | nindent 12 }}
@@ -114,6 +122,31 @@ spec:
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
+ terminationMessagePolicy: FallbackToLogsOnError
+ {{- $healthAddr := $.Values.healthAddr }}
+ {{- if contains ":" $healthAddr -}}
+ {{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }}
+ {{- end }}
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: {{ $healthAddr | default 9440 }}
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: {{ $healthAddr | default 9440 }}
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
terminationGracePeriodSeconds: 10
{{- with .Values.volumes }}
volumes:
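Review bot: `contains ":" $healthAddr` runs unconditionally, but `healthAddr` is treated as optional elsewhere in this template (the `--health-addr` flag is wrapped in `if .Values.healthAddr`, and the probes use `default 9440`). When the value is unset, `contains` receives a non-string argument and the render fails before `default 9440` can apply. Wrap the split in `if $healthAddr` or initialise the variable with `default "" $.Values.healthAddr`. The probes are also emitted regardless of whether the health endpoint flag is passed, so the fallback port `9440` should be confirmed against the manager's actual default.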
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml
index 3c3a8a75..a311684e 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
name: kubeadm
namespace: capi-kubeadm-bootstrap-system
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: capi-kubeadm-control-plane-system
@@ -48,11 +48,20 @@ metadata:
name: kubeadm
namespace: capi-kubeadm-control-plane-system
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }}
spec:
+{{- if $.Values.manager }}
+ manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
+ featureGates:
+ {{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+{{- end }}
+{{- end }}
configSecret:
name: {{ .name }}
{{- if .namespace }}
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
index 2a4488c2..9d504659 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace
metadata:
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: {{ $infrastructureNamespace }}
@@ -37,10 +37,10 @@ metadata:
name: {{ $infrastructureName }}
namespace: {{ $infrastructureNamespace }}
annotations:
- "helm.sh/hook": "post-install"
+ "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
-{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager }}
+{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
spec:
{{- end }}
{{- if $infrastructureVersion }}
@@ -59,6 +59,16 @@ spec:
{{- end }}
{{- end }}
{{- end }}
+{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }}
+{{- range $key, $value := $.Values.fetchConfig }}
+ {{- if eq $key $infrastructureName }}
+ fetchConfig:
+ {{- range $k, $v := $value }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}
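Review bot: inside the `fetchConfig` block, `{{ $k }}: {{ $v }}` prints each value with Go's default formatting, so a string containing `:` or `#` is emitted unquoted and any nested map or list comes out in Go syntax rather than YAML. Rendering the whole entry with `toYaml (index $.Values.fetchConfig $infrastructureName) | nindent 4`, in the style this file already uses for `additionalDeployments`, handles both cases. That also removes the `range` plus `if eq $key $infrastructureName` loop, which is redundant once `hasKey` has confirmed the key exists.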
@@ -66,5 +76,8 @@ spec:
namespace: {{ $.Values.configSecret.namespace }}
{{- end }}
{{- end }}
+{{- if $.Values.additionalDeployments }}
+ additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
+{{- end }}
{{- end }}
{{- end }}
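Review bot: `additionalDeployments` is read from a single chart-wide value, while `fetchConfig` in the previous hunk is looked up by provider name. Every infrastructure provider this template renders therefore receives the same set of additional deployments. If that is intended, a comment in the values file would help; otherwise key it by `$infrastructureName` as `fetchConfig` is.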
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
new file mode 100644
index 00000000..f64a0da8
--- /dev/null
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
@@ -0,0 +1,73 @@
+# IPAM providers
+{{- if .Values.ipam }}
+{{- $ipams := split ";" .Values.ipam }}
+{{- $ipamNamespace := "" }}
+{{- $ipamName := "" }}
+{{- $ipamVersion := "" }}
+{{- range $ipam := $ipams }}
+{{- $ipamArgs := split ":" $ipam }}
+{{- $ipamArgsLen := len $ipamArgs }}
+{{- if eq $ipamArgsLen 3 }}
+ {{- $ipamNamespace = $ipamArgs._0 }}
+ {{- $ipamName = $ipamArgs._1 }}
+ {{- $ipamVersion = $ipamArgs._2 }}
+{{- else if eq $ipamArgsLen 2 }}
+ {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+ {{- $ipamName = $ipamArgs._0 }}
+ {{- $ipamVersion = $ipamArgs._1 }}
+{{- else if eq $ipamArgsLen 1 }}
+ {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+ {{- $ipamName = $ipamArgs._0 }}
+{{- else }}
+ {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install,post-upgrade"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: {{ $ipamNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: IPAMProvider
+metadata:
+ name: {{ $ipamName }}
+ namespace: {{ $ipamNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install,post-upgrade"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
+spec:
+{{- end }}
+{{- if $ipamVersion }}
+ version: {{ $ipamVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+ manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
+{{- range $key, $value := $.Values.manager.featureGates }}
+ {{- if eq $key $ipamName }}
+ featureGates:
+ {{- range $k, $v := $value }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- if $.Values.additionalDeployments }}
+ additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
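Review bot: `$ipamVersion` is declared once before the `range` and is not reset in the `eq $ipamArgsLen 1` branch, so a provider listed without a version inherits the version of the provider before it. For a value such as `a:v1.0.0;b`, provider `b` would be rendered with `version: v1.0.0`. Resetting `$ipamVersion = ""` at the top of each iteration (or in that branch) fixes this. A smaller point in the same block: `split` never returns zero parts, so an empty segment (for example a trailing `;`) takes the one-argument branch and produces an empty provider name and the namespace `-ipam-system` instead of reaching the `fail` call; an explicit check for an empty `$ipamArgs._0` would catch it.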
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
index 03b1cec6..27b8bf80 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -13,7 +13,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
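Review bot: with the placeholder `caBundle: Cg==` removed from `clientConfig`, the conversion webhook has no CA bundle until cert-manager's CA injector fills it in from the `cert-manager.io/inject-ca-from` annotation at the top of this CRD. That makes cert-manager a hard prerequisite for conversion to work, so it is worth stating in the package documentation and confirming that the serving certificate is issued before any custom resources of this kind are applied.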
@@ -63,6 +62,1443 @@ spec:
spec:
description: AddonProviderSpec defines the desired state of AddonProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
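Review bot: the container and pod fields added under `additionalDeployments` (`imageUrl`, `command`, `args`, `env` with `secretKeyRef`, `serviceAccountName`) let anyone who can write this resource run an arbitrary image under a chosen service account and pull Secret keys from the pod's namespace, so write access to this CRD should be documented and granted as equivalent to creating Deployments there. `imageUrl` is an unconstrained string, so digest pinning cannot be enforced by the schema and has to come from admission policy. `profilerAddress` and `metrics.bindAddress` accept any bind address; the description should recommend the loopback form it already uses as an example (`localhost:6060`), since pprof on a routable address exposes runtime internals. `webhook.port` has no `minimum`/`maximum`, unlike `replicas`, `verbosity` and `maxConcurrentReconciles`. Wording to fix where these descriptions originate: `resourceNamespace` is described as "resourceName indicates the namespace ...", `metrics` reads "thw controller metrics", `gracefulShutDown` documents itself as `GracefulShutdownTimeout` and writes "e.G.", and `syncPeriod` has "there will a 10 percent jitter".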
@@ -156,11 +1592,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -188,11 +1626,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -205,6 +1645,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -249,11 +1690,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -281,14 +1724,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -351,11 +1797,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -370,13 +1818,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
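Review bot: the `matchLabelKeys` description now states that `MatchLabelKeysInPodAffinity` is beta and "enabled by default", which holds only on clusters new enough to ship the gate as beta; the CRD schema accepts the field either way, so on an older cluster a value set here would pass CRD validation and then be dropped or rejected when the pod template reaches the API server. Please state the minimum Kubernetes version this CRD update assumes in the upgrade notes. The same applies to the `mismatchLabelKeys` hunks and to the repeated copies of this description further down.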
@@ -385,13 +1833,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -431,11 +1879,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -455,6 +1905,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -477,6 +1928,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -527,11 +1979,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -546,13 +2000,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -561,13 +2015,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -607,11 +2061,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -631,6 +2087,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -643,6 +2100,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -701,11 +2159,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -720,13 +2180,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -735,13 +2195,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -781,11 +2241,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -805,6 +2267,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -827,6 +2290,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -877,11 +2341,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -896,13 +2362,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -911,13 +2377,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -957,11 +2423,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -981,6 +2449,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -993,6 +2462,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -1054,10 +2524,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -1117,10 +2590,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
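Review bot: adding `default: ""` to `name` in this secret key reference, while the new description calls the field "effectively required", means a reference with no name still passes schema validation and fails only when the Secret is resolved. Because this selects a Secret, consider having the operator reject an empty name itself (a validation rule or an admission check) instead of relying on the schema. The same default is added to the ConfigMap key reference and the local object reference in this file, so one decision covers all three.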
@@ -1149,11 +2625,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -1165,6 +2639,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -1209,10 +2689,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1281,6 +2764,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
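Review bot: the `oci` description says the operator will "pick up desired version of the release from GitHub", which reads as copied from the URL-based option and does not fit an OCI artifact source. Please reword it to say how `providerSpec.Version` maps to the artifact, and state the expected form of the value (for example whether a digest reference is accepted), since the field is an unconstrained `type: string` with no pattern. Provider components fetched this way end up running in the cluster, so the accepted reference format is worth documenting precisely.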
@@ -1315,11 +2804,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -1338,6 +2829,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
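Review bot: the rule `[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)` rejects an object that sets none of the three fields as well as one that sets more than one. Please confirm that no manifest in this repository, and no object already stored in a cluster being upgraded, carries an empty block or both `url` and `selector`; otherwise its next update fails with "Must specify one and only one of {oci, url, selector}". The rule also needs an API server that evaluates `x-kubernetes-validations`, which is worth listing with the chart's version requirements.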
@@ -1347,7 +2841,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -1370,13 +2863,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -1571,20 +3062,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
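Review bot: the `reason` description flips from "This field may not be empty." to "This field may be empty.", which is a contract change and not a wording fix: anything that reads conditions on these provider objects (alerts, dashboards, controllers keyed on `reason`) now has to tolerate an empty string. Separately, the unchanged sentence "The Severity field MUST be set only when Status=False." keeps the capitalized names while the lines around it were lowercased to `severity` and `status`; if this file is generated, that is for upstream to align, otherwise align it here.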
@@ -1620,7 +3111,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -1630,7 +3121,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
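Review bot: removing the placeholder `caBundle: Cg==` leaves the conversion webhook's `clientConfig` with no CA until something injects one. The CRD metadata in the preceding hunk carries `cert-manager.io/inject-ca-from`, so conversion now depends on cert-manager's CA injection having run and the `capi-operator-serving-cert` certificate existing before the first conversion request. Please confirm the chart's install ordering guarantees that, and document cert-manager as a hard prerequisite if it is not already.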
@@ -1662,7 +3152,6 @@ spec:
description: |-
BootstrapProvider is the Schema for the bootstrapproviders API.
-
Deprecated: This type will be removed in one of the next releases.
properties:
apiVersion:
@@ -1759,11 +3248,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -1791,11 +3282,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -1808,6 +3301,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -1852,11 +3346,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -1884,14 +3380,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -1954,11 +3453,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -1973,13 +3474,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1988,13 +3489,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2034,11 +3535,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2058,6 +3561,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2080,6 +3584,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -2130,11 +3635,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2149,13 +3656,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2164,13 +3671,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2210,11 +3717,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2234,6 +3743,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2246,6 +3756,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -2304,11 +3815,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2323,13 +3836,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2338,13 +3851,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2384,11 +3897,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2408,6 +3923,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2430,6 +3946,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -2480,11 +3997,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2499,13 +4018,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2514,13 +4033,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2560,11 +4079,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2584,6 +4105,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -2596,6 +4118,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -2657,10 +4180,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -2720,10 +4246,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -2763,11 +4292,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -2779,6 +4306,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -2823,10 +4356,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -2929,11 +4465,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -2961,7 +4499,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -2984,13 +4521,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -3093,7 +4628,7 @@ spec:
minimum: 1
type: integer
metrics:
- description: Metrics contains the controller metrics configuration
+ description: Metrics contains thw controller metrics configuration
properties:
bindAddress:
description: |-
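Review bot: the added line introduces a typo, "Metrics contains thw controller metrics configuration", where the removed line had "the". If this CRD is generated from the upstream operator's Go types, fix the comment there and regenerate; if it is maintained in this chart, correct it here before merging.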
@@ -3190,20 +4725,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -3265,6 +4800,1443 @@ spec:
spec:
description: BootstrapProviderSpec defines the desired state of BootstrapProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
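Review bot: in `manager.leaderElection`, the `resourceNamespace` description begins "resourceName indicates the namespace of resource object", copied from the field above it; it should name `resourceNamespace`. The same added block has other documentation slips worth fixing at the source of these descriptions: `gracefulShutDown` is documented as `GracefulShutdownTimeout` and uses "e.G.", `metrics` reads "thw controller", `syncPeriod` has "there will a 10 percent jitter", and the toleration item description ends "matches the triple using the matching operator ." with its placeholders missing. Separately, `profilerAddress` is a plain string with no pattern, so any bind address is accepted; the description's own example is `localhost:6060`, and it would help to say there that pprof should stay on loopback unless access to it is restricted some other way.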
@@ -3358,11 +6330,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
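Review bot: `x-kubernetes-list-type: atomic` is added here both to `values` and to the list that encloses it, and the same two-line addition repeats in every selector hunk that follows, which reads as regenerated output rather than a hand edit. Please state in the commit message which upstream or generator version these CRDs were produced from, so the change can be reproduced and the next bump diffed against it. Atomic lists are replaced as a whole on update, so it is also worth confirming that no existing manifests or tooling rely on merging individual entries into these lists.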
@@ -3390,11 +6364,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -3407,6 +6383,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -3451,11 +6428,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -3483,14 +6462,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -3553,11 +6535,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -3572,13 +6556,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
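Review bot: the new wording "This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)" holds only on clusters where that gate has reached beta; the removed line shows it was alpha before. If `matchLabelKeys` and `mismatchLabelKeys` are meant to be usable through this CRD, document the minimum Kubernetes version it targets alongside the upgrade notes. The same edit repeats in the later `matchLabelKeys` and `mismatchLabelKeys` hunks, so one statement covers them all.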
@@ -3587,13 +6571,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3633,11 +6617,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -3657,6 +6643,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -3679,6 +6666,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -3729,11 +6717,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -3748,13 +6738,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3763,13 +6753,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3809,11 +6799,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -3833,6 +6825,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -3845,6 +6838,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -3903,11 +6897,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -3922,13 +6918,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3937,13 +6933,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3983,11 +6979,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -4007,6 +7005,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -4029,6 +7028,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -4079,11 +7079,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -4098,13 +7100,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4113,13 +7115,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4159,11 +7161,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -4183,6 +7187,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -4195,6 +7200,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -4256,10 +7262,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
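Review bot: The added `default: ""` on `name` means a ConfigMap reference with no name now passes schema validation and is stored with an empty string, while the new description itself says such instances are "almost certainly wrong". Since the schema will no longer catch the omission, consider rejecting an empty `name` in the operator's own validation so that a misconfigured env source fails at admission rather than at pod start.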
@@ -4319,10 +7328,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -4351,11 +7363,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -4367,6 +7377,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -4411,10 +7427,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4483,6 +7502,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
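Review bot: The description of the new `oci` field says the operator picks the release version "from GitHub", which looks copied from the `url`/`selector` text and does not describe an OCI source. The field is also an unconstrained `type: string`, so nothing in the schema says what reference form is expected or whether a digest-pinned reference is accepted. Suggest rewording the description for OCI and documenting the accepted reference format, since this value decides where provider components are pulled from.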
@@ -4517,11 +7542,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -4540,6 +7567,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
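Review bot: The rule `[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)` only tests presence, so `oci: ""` or `selector: {}` satisfies it and the object is admitted with no usable source. Consider adding `minLength: 1` to `oci` and `url`, or comparing against the empty value inside the rule, so that "one and only one" also means non-empty.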
@@ -4549,7 +7579,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -4572,13 +7601,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -4773,20 +7800,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
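Review bot: The `reason` description changes from "This field may not be empty." to "This field may be empty.", which loosens the contract for anything that keys on the condition reason, such as alert rules or status checks; that deserves a line in the upgrade notes. Separately, the `severity` description now starts in lower case while its next sentence still reads "The Severity field MUST be set only when Status=False", so the casing is inconsistent within one description.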
@@ -4822,7 +7849,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -4832,7 +7859,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
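Review bot: With the placeholder `caBundle: Cg==` removed from the conversion webhook `clientConfig`, trust for `capi-operator-webhook-service` depends entirely on the `cert-manager.io/inject-ca-from` annotation shown in the previous hunk. Until the CA is injected, the API server has no bundle for this service and falls back to its system trust roots, so conversion calls fail TLS verification. Please confirm the chart guarantees that cert-manager's CA injector and the `capi-operator-serving-cert` certificate exist before any resource of this CRD is served, and document that dependency.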
@@ -4864,7 +7890,6 @@ spec:
description: |-
ControlPlaneProvider is the Schema for the controlplaneproviders API.
-
Deprecated: This type will be removed in one of the next releases.
properties:
apiVersion:
@@ -4961,11 +7986,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -4993,11 +8020,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -5010,6 +8039,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -5054,11 +8084,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -5086,14 +8118,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -5156,11 +8191,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5175,13 +8212,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5190,13 +8227,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5236,11 +8273,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5260,6 +8299,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -5282,6 +8322,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -5332,11 +8373,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5351,13 +8394,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5366,13 +8409,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5412,11 +8455,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5436,6 +8481,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -5448,6 +8494,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -5506,11 +8553,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5525,13 +8574,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5540,13 +8589,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5586,11 +8635,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5610,6 +8661,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -5632,6 +8684,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -5682,11 +8735,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5701,13 +8756,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5716,13 +8771,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5762,11 +8817,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -5786,6 +8843,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -5798,6 +8856,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -5859,10 +8918,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -5922,10 +8984,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -5965,11 +9030,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -5981,6 +9044,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6025,10 +9094,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -6131,11 +9203,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -6163,7 +9237,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -6186,13 +9259,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -6295,7 +9366,7 @@ spec:
minimum: 1
type: integer
metrics:
- description: Metrics contains the controller metrics configuration
+ description: Metrics contains thw controller metrics configuration
properties:
bindAddress:
description: |-
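Review bot: The `+` line introduces a typo, "Metrics contains thw controller metrics configuration", where the removed line had "the". As this YAML is generated by controller-gen, the fix belongs in the Go type comment it is generated from, followed by a regenerate, rather than a hand edit here.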
@@ -6393,20 +9464,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -6469,6 +9540,1443 @@ spec:
spec:
description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
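Review bot: `imageUrl`, `command` and `serviceAccountName` in the new additional-deployment spec are unconstrained strings, so write access to this resource is enough to have the operator run an arbitrary image with an arbitrary entrypoint under any service account name in the namespace. If that is intended, say so in the docs and keep RBAC on this CRD as tight as the operator's own; otherwise consider an admission policy that allow-lists registries and service accounts. Two description nits in the same hunk, to be fixed at the source if this file is generated: `resourceNamespace` under `leaderElection` is documented as "resourceName indicates the namespace of resource object", and the `metrics` description reads "thw controller".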
@@ -6562,11 +11070,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
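Review bot: the added `x-kubernetes-list-type: atomic` on the `values` and `matchExpressions` lists changes how server-side apply treats them: the whole list is owned and replaced by a single field manager instead of being merged per entry. That is reasonable for selector requirements, but please confirm nothing else (a mutating webhook, a second controller, a patch in a runbook) appends to these lists, because such changes will now conflict or be overwritten on the next apply. The same marker is added to the other affinity lists further down this file.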
@@ -6594,11 +11104,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -6611,6 +11123,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -6655,11 +11168,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -6687,14 +11202,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -6757,11 +11275,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -6776,13 +11296,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
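Review bot: the `matchLabelKeys` description now says the field is beta with the MatchLabelKeysInPodAffinity gate "(enabled by default)", which only holds on clusters whose Kubernetes version ships that gate at beta. On an older API server the gate is still off, so this schema will accept a value that has no effect on scheduling. Please state the minimum Kubernetes version this CRD update targets in the changelog or upgrade notes. The same wording change is repeated in the `mismatchLabelKeys` and anti-affinity hunks below.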
@@ -6791,13 +11311,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6837,11 +11357,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -6861,6 +11383,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -6883,6 +11406,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -6933,11 +11457,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -6952,13 +11478,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6967,13 +11493,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -7013,11 +11539,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7037,6 +11565,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -7049,6 +11578,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -7107,11 +11637,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7126,13 +11658,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -7141,13 +11673,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -7187,11 +11719,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7211,6 +11745,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -7233,6 +11768,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -7283,11 +11819,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7302,13 +11840,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -7317,13 +11855,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -7363,11 +11901,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7387,6 +11927,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -7399,6 +11940,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -7460,10 +12002,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
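Review bot: the new `default: ""` on `name` keeps an omitted or empty ConfigMap name valid at admission, even though the added description calls such an instance "almost certainly wrong". Because the schema will not catch it, the mistake only surfaces later when the reference cannot be resolved. Consider a lint or admission check that rejects an empty `name` here. The same pattern is added to the Secret key reference and the local object reference in the following hunks.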
@@ -7523,10 +12068,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -7555,11 +12103,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -7571,6 +12117,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -7615,10 +12167,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -7687,6 +12242,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
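Review bot: the `oci` description says a missing `providerSpec.Version` falls back to the "latest provider version from clusterctl defaults", and the field itself is a free-form string, so a provider can be installed from an unpinned reference. Please document that the version should always be set for OCI sources and, if the operator supports it, that the reference should be pinned by digest, since this artifact supplies the provider components the operator installs. Separately, the sentence "pick up desired version of the release from GitHub" looks carried over from the URL-based source and does not fit an OCI artifact; reword it.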
@@ -7721,11 +12282,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -7744,6 +12307,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
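Review bot: the `exists_one` rule rejects an object that sets none of `oci`, `url` or `selector` as well as one that sets more than one, so an existing resource that has this block present but empty, or that sets both `url` and `selector`, can fail validation on its next update. Check stored objects before rolling this CRD out; the message could also say which of the two cases was hit.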
@@ -7753,7 +12319,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -7776,13 +12341,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -7978,20 +12541,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
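Review bot: `reason` changes from "may not be empty" to "may be empty", which is a contract change, not a wording fix; anything that keys on `reason` being set has to handle the empty case. The lower-casing is also applied unevenly: the first line now says `severity` while the following sentence still says "The Severity field".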
@@ -8027,7 +12590,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -8037,7 +12600,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
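Review bot: with the placeholder `caBundle: Cg==` removed from the conversion webhook's `clientConfig`, the field stays empty until something injects it; the `cert-manager.io/inject-ca-from` annotation on this CRD suggests the cert-manager CA injector is expected to do so. Please confirm that no conversion request is needed before that injection completes on a fresh install, and document the cert-manager dependency in the chart.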
@@ -8069,7 +12631,6 @@ spec:
description: |-
CoreProvider is the Schema for the coreproviders API.
-
Deprecated: This type will be removed in one of the next releases.
properties:
apiVersion:
@@ -8166,11 +12727,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -8198,11 +12761,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -8215,6 +12780,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -8259,11 +12825,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -8291,14 +12859,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -8361,11 +12932,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8380,13 +12953,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
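Review bot: the `matchLabelKeys` description now says the field is beta and the `MatchLabelKeysInPodAffinity` gate is "enabled by default", which holds only for API servers at the Kubernetes release these types were generated from. If the chart supports older clusters, users there will read "enabled by default" while the gate is still off; a supported-version note in the chart would avoid that. The same applies to the `mismatchLabelKeys` hunks that follow.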
@@ -8395,13 +12968,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8441,11 +13014,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8465,6 +13040,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -8487,6 +13063,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -8537,11 +13114,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8556,13 +13135,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8571,13 +13150,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8617,11 +13196,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8641,6 +13222,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -8653,6 +13235,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -8711,11 +13294,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8730,13 +13315,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8745,13 +13330,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8791,11 +13376,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8815,6 +13402,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -8837,6 +13425,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -8887,11 +13476,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8906,13 +13497,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8921,13 +13512,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -8967,11 +13558,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -8991,6 +13584,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -9003,6 +13597,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -9064,10 +13659,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -9127,10 +13725,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -9170,11 +13771,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -9186,6 +13785,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -9230,10 +13835,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -9336,11 +13944,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -9368,7 +13978,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -9391,13 +14000,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -9500,7 +14107,7 @@ spec:
minimum: 1
type: integer
metrics:
- description: Metrics contains the controller metrics configuration
+ description: Metrics contains thw controller metrics configuration
properties:
bindAddress:
description: |-
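Review bot: typo introduced in the `metrics` description: "thw" should be "the". The removed line was correct, so if this file is generated the typo comes from the upstream type comment and should be fixed there, not patched here.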
@@ -9597,20 +14204,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -9672,6 +14279,1443 @@ spec:
spec:
description: CoreProviderSpec defines the desired state of CoreProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
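Review bot: `manager.profilerAddress` in the new `additionalDeployments` schema is an unconstrained `type: string`, and its description offers `localhost:6060` only as an example, so a value such as `0.0.0.0:6060` validates and would bind the pprof profiler to every interface of the pod. Suggest saying in the description that the address should be loopback-only, or adding a pattern; `metrics.bindAddress` and `health.healthProbeBindAddress` are open in the same way. Smaller points in the same block: the `resourceNamespace` description begins "resourceName indicates the namespace", the `metrics` description reads "contains thw controller", and the key `gracefulShutDown` is documented as `GracefulShutdownTimeout`. If this file is controller-gen output from the upstream operator, these fixes belong upstream rather than in a local edit.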
@@ -9765,11 +15809,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
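Review bot: `x-kubernetes-list-type: atomic` on both `values` and the enclosing requirements list means each list is owned as a whole under server-side apply, so a second field manager can no longer contribute individual entries and will instead conflict with or replace the list. The same marker is added throughout the affinity schema below. Suggest checking whether anything other than the operator patches these lists on provider resources before rolling this CRD out.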
@@ -9797,11 +15843,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -9814,6 +15862,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -9858,11 +15907,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -9890,14 +15941,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -9960,11 +16014,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -9979,13 +16035,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
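Review bot: the reworded `matchLabelKeys` description now states the field is beta and that `MatchLabelKeysInPodAffinity` is enabled by default, which holds only on Kubernetes versions where that gate has graduated; a cluster with the gate off will not honour a `matchLabelKeys` value set through this CRD. The same change repeats for `mismatchLabelKeys` and in each affinity block below. Suggest recording the minimum supported Kubernetes version for this chart alongside the bump.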
@@ -9994,13 +16050,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10040,11 +16096,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10064,6 +16122,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -10086,6 +16145,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -10136,11 +16196,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10155,13 +16217,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10170,13 +16232,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10216,11 +16278,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10240,6 +16304,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -10252,6 +16317,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -10310,11 +16376,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10329,13 +16397,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10344,13 +16412,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10390,11 +16458,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10414,6 +16484,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -10436,6 +16507,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -10486,11 +16558,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10505,13 +16579,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10520,13 +16594,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -10566,11 +16640,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10590,6 +16666,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -10602,6 +16679,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -10663,10 +16741,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -10726,10 +16807,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
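Review bot: `default: ""` on `name` in this secret key selector means a reference that omits the name is persisted as an empty string and passes schema validation, even though the added description text calls such instances "almost certainly wrong". Nothing in the hunk rejects the empty value, so the mistake surfaces only later, when the reference is resolved. Suggest rejecting empty names in the operator's admission webhook for the references it consumes, or adding `minLength: 1` if backwards compatibility allows.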
@@ -10758,11 +16842,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -10774,6 +16856,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -10818,10 +16906,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -10890,6 +16981,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
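Review bot: the description of the new `oci` field says the operator picks the desired version "from GitHub", which reads as copied from the `url`/`selector` text and does not explain how `providerSpec.Version` maps onto an OCI reference. The field is also a bare `type: string` with no pattern, so the schema does not distinguish a tag reference from a digest-pinned one. Suggest rewording the description for OCI and stating whether a digest-pinned reference is accepted, since a mutable tag lets the fetched provider components change without any change to the spec.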
@@ -10924,11 +17021,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -10947,6 +17046,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
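Review bot: the `exists_one` rule added under `x-kubernetes-validations` rejects an object that sets none of `oci`, `url`, `selector` as well as one that sets two of them, so existing resources with an empty object here, or with both `url` and `selector`, may be refused the next time they are written. Suggest listing deployed provider resources against this rule before the upgrade and noting the stricter contract in the release notes. The message would also be easier to act on if it named the parent field.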
@@ -10956,7 +17058,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -10979,13 +17080,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -11180,20 +17279,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
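Review bot: the `reason` description flips from "may not be empty" to "may be empty", which is a contract change rather than a wording fix; anything that alerts or branches on a condition's `reason` now has to handle an empty string. The visible schema carries no `minLength` on the field either way, so this is documentation only, but it is worth a line in the upgrade notes. The lower-casing of `severity`, `status` and `type` in the neighbouring descriptions is cosmetic.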
@@ -11229,7 +17328,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -11239,7 +17338,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
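Review bot: removing the placeholder `caBundle: Cg==` from the conversion webhook `clientConfig` leaves the CA to be supplied entirely by the `cert-manager.io/inject-ca-from` annotation on this CRD. Until that injection happens, this manifest gives the API server no bundle with which to verify `capi-operator-webhook-service`, so conversion calls can fail on a fresh install. Suggest confirming that the chart brings up cert-manager and the `capi-operator-serving-cert` Certificate before resources of this kind are created, and that no sync tool strips the injected field afterwards.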
@@ -11271,7 +17369,6 @@ spec:
description: |-
InfrastructureProvider is the Schema for the infrastructureproviders API.
-
Deprecated: This type will be removed in one of the next releases.
properties:
apiVersion:
@@ -11368,11 +17465,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -11400,11 +17499,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -11417,6 +17518,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -11461,11 +17563,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -11493,14 +17597,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -11563,11 +17670,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -11582,13 +17691,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
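Review bot: The updated `matchLabelKeys` and `mismatchLabelKeys` descriptions now say the `MatchLabelKeysInPodAffinity` gate is "enabled by default", which only holds on clusters new enough to ship the field as beta. The chart should state the minimum Kubernetes version it supports, or the description will mislead operators on older control planes where the gate is still off and the field is dropped.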
@@ -11597,13 +17706,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -11643,11 +17752,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -11667,6 +17778,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -11689,6 +17801,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -11739,11 +17852,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -11758,13 +17873,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -11773,13 +17888,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -11819,11 +17934,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -11843,6 +17960,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -11855,6 +17973,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -11913,11 +18032,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -11932,13 +18053,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -11947,13 +18068,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -11993,11 +18114,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -12017,6 +18140,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -12039,6 +18163,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -12089,11 +18214,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -12108,13 +18235,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -12123,13 +18250,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -12169,11 +18296,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -12193,6 +18322,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -12205,6 +18335,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -12266,10 +18397,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
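Review bot: `default: ""` on `name` means an omitted referent name is now persisted as an empty string, while the new description itself says such instances are "almost certainly wrong". Nothing in the schema rejects the empty value, so the controller that resolves this ConfigMap reference has to check for it explicitly and surface an error rather than attempt a lookup with an empty name. The same applies to the Secret and local object reference hunks below that add the same default.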
@@ -12329,10 +18463,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -12372,11 +18509,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -12388,6 +18523,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -12432,10 +18573,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -12538,11 +18682,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -12570,7 +18716,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -12593,13 +18738,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -12702,7 +18845,7 @@ spec:
minimum: 1
type: integer
metrics:
- description: Metrics contains the controller metrics configuration
+ description: Metrics contains thw controller metrics configuration
properties:
bindAddress:
description: |-
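Review bot: The `metrics` description regresses to a typo: `Metrics contains thw controller metrics configuration`. The removed line had the correct "the". If this YAML is generated, the fix belongs in the Go doc comment upstream; otherwise please restore the original wording here.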
@@ -12800,20 +18943,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
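Review bot: The `reason` description flips from "This field may not be empty." to "This field may be empty.", which is a contract change rather than a wording fix. Consumers that key alerts or status checks on `reason` need to tolerate an empty string after this update, so please confirm that is intended and note it in the changelog. Also, the lowercased `severity provides ...` now sits next to the unchanged "The Severity field MUST be set only when Status=False.", leaving the casing inconsistent within one description.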
@@ -12876,6 +19019,1443 @@ spec:
spec:
description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
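Review bot: `profilerAddress` under `manager` is a free-form `type: string`, so nothing in the schema keeps the pprof listener on loopback the way the `localhost:6060` example suggests; the same goes for `metrics.bindAddress` and `health.healthProbeBindAddress`. Consider saying in the description that a non-loopback address makes the profiler reachable from outside the pod, or constrain the value with a pattern. Smaller documentation points in the same block: the `resourceNamespace` description begins "resourceName indicates the namespace", the `metrics` description has the typo "thw", and `gracefulShutDown` is described under the name `GracefulShutdownTimeout`. These are best fixed where the schema is generated rather than in this vendored copy.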
@@ -12969,11 +20549,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
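Review bot: the two `x-kubernetes-list-type: atomic` markers added here (on the string list and on the list of requirement objects that contains it) change how these arrays behave under server-side apply: an atomic list is owned by one field manager and replaced as a whole, never merged per element. The same marker is repeated across the affinity schema in the hunks that follow. If anything besides the operator writes these lists, the upgrade notes should say that an apply now replaces the full list.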
@@ -13001,11 +20583,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -13018,6 +20602,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -13062,11 +20647,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -13094,14 +20681,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -13164,11 +20754,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13183,13 +20775,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13198,13 +20790,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13244,11 +20836,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13268,6 +20862,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -13290,6 +20885,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -13340,11 +20936,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13359,13 +20957,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13374,13 +20972,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13420,11 +21018,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13444,6 +21044,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -13456,6 +21057,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -13514,11 +21116,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13533,13 +21137,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13548,13 +21152,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13594,11 +21198,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13618,6 +21224,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -13640,6 +21247,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -13690,11 +21298,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13709,13 +21319,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13724,13 +21334,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -13770,11 +21380,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -13794,6 +21406,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -13806,6 +21419,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -13867,10 +21481,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
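Review bot: `default: ""` on `name` sits directly above a description that calls the field "effectively required" and an empty value "almost certainly wrong", so an omitted name is defaulted to the empty string and nothing in the schema rejects it. Whatever resolves this reference should treat an empty `name` as an error and surface it in status instead of failing quietly. The same pattern appears in the Secret and local object reference hunks below.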
@@ -13930,10 +21547,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -13962,11 +21582,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -13978,6 +21596,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -14022,10 +21646,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -14094,6 +21721,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
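Review bot: the new `oci` description says the operator will "pick up desired version of the release from GitHub", which reads as carried over from the neighbouring fields and is misleading for an OCI source. It should say how `providerSpec.Version` maps onto the artifact reference. The stated fallback to the latest version from clusterctl defaults when the version is missing also leaves the fetched artifact unpinned; the description should recommend always setting the version and say whether a digest reference is accepted.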
@@ -14128,11 +21761,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -14151,6 +21786,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
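Review bot: the `exists_one` rule tests only presence with `has()`, and `oci` is introduced as a plain `type: string` with no minimum length, so as far as the schema shown here goes an explicit `oci: ""` satisfies "one and only one" while naming no source. Consider a `minLength: 1` on the string fields or a rule that also checks for a non-empty value. An object that sets none of the three is now rejected as well, so existing provider objects should be checked before this CRD is rolled out.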
@@ -14160,7 +21798,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -14183,13 +21820,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -14385,20 +22020,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
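Review bot: the first change in this hunk flips the reason description from "This field may not be empty" to "This field may be empty", a contract change that is easy to miss among the case-only edits to `severity`, `status` and `type` below it. Anything that keys alerting or automation on a non-empty reason should be checked, and the change deserves its own line in the commit message.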
@@ -14434,7 +22069,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -14444,7 +22079,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
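Review bot: removing the placeholder `caBundle: Cg==` from the conversion webhook `clientConfig` leaves the CA to come entirely from the `cert-manager.io/inject-ca-from` annotation shown in the previous hunk. The chart documentation should state that cert-manager's CA injector must be running before these CRDs are used, because until the bundle is injected the API server cannot validate a certificate issued for `capi-operator-webhook-service` by a private CA.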
@@ -14494,6 +22128,1443 @@ spec:
spec:
description: IPAMProviderSpec defines the desired state of IPAMProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
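Review bot: the `profilerAddress` description under `additionalDeployments.*.manager` gives `localhost:6060` only as an example and the field is a free-form string, so nothing in the schema or text steers users away from binding pprof to a routable address. The description or the chart docs should say to keep it on loopback; the same applies to `metrics.bindAddress` and `health.healthProbeBindAddress`, which are also unconstrained strings. Separately, several descriptions in this block carry copy errors that are worth fixing at the source before vendoring: `resourceNamespace` is described as "resourceName indicates the namespace of resource object", `metrics` reads "contains thw controller metrics configuration", `gracefulShutDown` has "e.G.", and the toleration text "matches the triple using the matching operator ." has lost its placeholders.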
@@ -14587,11 +23658,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -14619,11 +23692,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -14636,6 +23711,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -14680,11 +23756,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -14712,14 +23790,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -14782,11 +23863,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -14801,13 +23884,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
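Review bot: the reworded `matchLabelKeys` description now tells users the `MatchLabelKeysInPodAffinity` gate is "enabled by default", but whether that is true depends on the Kubernetes version of the cluster the CRD is installed into, not on this file. If the chart still supports clusters where the gate was alpha, state the minimum Kubernetes version in the chart notes so that a `matchLabelKeys` entry that has no effect is not mistaken for a working (anti-)affinity rule. The same wording recurs in the later `matchLabelKeys` and `mismatchLabelKeys` hunks.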
@@ -14816,13 +23899,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -14862,11 +23945,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -14886,6 +23971,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -14908,6 +23994,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -14958,11 +24045,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -14977,13 +24066,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -14992,13 +24081,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -15038,11 +24127,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15062,6 +24153,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -15074,6 +24166,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -15132,11 +24225,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15151,13 +24246,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -15166,13 +24261,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -15212,11 +24307,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15236,6 +24333,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -15258,6 +24356,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -15308,11 +24407,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15327,13 +24428,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -15342,13 +24443,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -15388,11 +24489,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15412,6 +24515,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -15424,6 +24528,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -15485,10 +24590,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -15548,10 +24656,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -15580,11 +24691,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -15596,6 +24705,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -15640,10 +24755,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
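Review bot: adding `default: ""` to `name` here, with no `required` list on the object in the visible lines, means an `imagePullSecrets` item that omits `name` is accepted and defaulted to an empty string, which the new description itself calls "almost certainly wrong". If the operator's webhook does not already reject an empty referent name, add that check there, since the schema will no longer surface the mistake. The `configMapKeyRef` and `secretKeyRef` hunks above have the same shape, with only `key` required.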
@@ -15712,6 +24830,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
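Review bot: the `oci` description says the operator picks up the desired version "of the release from GitHub", which reads as copied from the `url` field and contradicts fetching from an OCI artifact. Reword it to describe how the version maps onto the OCI reference, and use the serialized field name consistently: the text mixes `providerSpec.Version` in backticks with the same name unquoted on the next line. The description also gives no example of the expected reference format, which a user needs in order to fill in a bare `type: string`.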
@@ -15746,11 +24870,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -15769,6 +24895,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
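Review bot: the new rule relies on `has(self.oci)`, which tests presence rather than content, so `oci: ""` satisfies "one and only one of {oci, url, selector}" while carrying no usable source. Consider a `minLength: 1` on `oci` or a non-empty check in the rule. The rule also rejects an object with none of the three set, so check existing objects for an empty fetch configuration before rolling this CRD out; they would otherwise fail validation on their next write.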
@@ -15778,7 +24907,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -15801,13 +24929,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -16002,20 +25128,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
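Review bot: in the `reason` description, "This field may not be empty." becomes "This field may be empty.", which reverses the documented contract rather than just restyling it. Confirm this matches the upstream type and that nothing consuming these conditions assumes a non-empty `reason`. Minor style point in the same hunk: `severity` is lowercased at the start of its description, but the next sentence still reads "The Severity field MUST be set", so the casing is now inconsistent within one description.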
@@ -16051,7 +25177,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
helm.sh/resource-policy: keep
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
@@ -16061,7 +25187,6 @@ spec:
strategy: Webhook
webhook:
clientConfig:
- caBundle: Cg==
service:
name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}'
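Review bot: with the `caBundle: Cg==` placeholder dropped from `webhook.clientConfig`, the conversion webhook's trust anchor now depends entirely on the injection requested by the `cert-manager.io/inject-ca-from` annotation on this CRD. Please check that every CRD losing the placeholder in this patch carries that annotation, and test an upgrade from the previous chart: removing the key from the rendered manifest can clear an already injected bundle on the live object until it is injected again, and conversion requests in that window should fail rather than be verified against an unintended trust store.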
@@ -16113,6 +25238,1443 @@ spec:
description: RuntimeExtensionProviderSpec defines the desired state of
RuntimeExtensionProvider.
properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
additionalManifests:
description: |-
AdditionalManifests is reference to configmap that contains additional manifests that will be applied
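Review bot: `manager.profilerAddress` in the added `additionalDeployments` schema is a bare `type: string` with no `pattern`, so the CRD accepts any bind address even though the description's only example is `localhost:6060`. Go's pprof handlers do no authentication of their own and serve heap and goroutine dumps, so a non-loopback value would make them reachable from the pod network. `metrics.bindAddress` and `health.healthProbeBindAddress` are equally unconstrained. If this file is generated and cannot carry a pattern, cover the gap with an admission policy or a NetworkPolicy on the provider namespaces, and say so in the docs. Separately, several added descriptions have copy-paste or spelling slips that should be fixed in the source type comments and regenerated rather than hand-edited here: `resourceNamespace` is described as "resourceName indicates the namespace of resource object", `metrics` reads "thw controller metrics configuration", and `gracefulShutDown` has "e.G.". Also note that `weight` is documented as "in the range 1-100" but the schema sets no `minimum` or `maximum`, so that range is not enforced at admission.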
@@ -16206,11 +26768,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
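Review bot: the added `x-kubernetes-list-type: atomic` markers on `values` and `matchExpressions` change server-side apply behaviour, not just documentation: each of these lists is now owned and replaced as a whole by a single field manager, and a second manager applying a different list gets a conflict instead of a merge. Please confirm nothing in the charts or controllers applies these affinity lists from more than one field manager, and mention the CRD bump in the upgrade notes so operators who patch these objects by hand know the list is replaced wholesale. The same marker is added throughout the rest of this file, so the check applies to every affinity and selector list touched here.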
@@ -16238,11 +26802,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
@@ -16255,6 +26821,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -16299,11 +26866,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchFields:
description: A list of node selector requirements
by node's fields.
@@ -16331,14 +26900,17 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
@@ -16401,11 +26973,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16420,13 +26994,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
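Review bot: the updated `matchLabelKeys` description now states "This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)", which is only true on Kubernetes versions where that gate has reached beta. On an older cluster where the gate is still alpha and off, the text would mislead users into relying on a field the API server does not honour. Since the wording comes from the regenerated schema, state the minimum supported Kubernetes version for this CRD revision in the release notes or chart metadata instead of editing the description. The same wording change is repeated for `mismatchLabelKeys` and in the other affinity blocks below.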
@@ -16435,13 +27009,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16481,11 +27055,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16505,6 +27081,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -16527,6 +27104,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the affinity requirements specified by this field are not met at
@@ -16577,11 +27155,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16596,13 +27176,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16611,13 +27191,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16657,11 +27237,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16681,6 +27263,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -16693,6 +27276,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
@@ -16751,11 +27335,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16770,13 +27356,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16785,13 +27371,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16831,11 +27417,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16855,6 +27443,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -16877,6 +27466,7 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: |-
If the anti-affinity requirements specified by this field are not met at
@@ -16927,11 +27517,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -16946,13 +27538,13 @@ spec:
description: |-
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -16961,13 +27553,13 @@ spec:
description: |-
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
- Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -17007,11 +27599,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -17031,6 +27625,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
topologyKey:
description: |-
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
@@ -17043,6 +27638,7 @@ spec:
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
containers:
@@ -17104,10 +27700,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -17167,10 +27766,13 @@ spec:
from. Must be a valid secret key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or
@@ -17199,11 +27801,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
@@ -17215,6 +27815,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -17259,10 +27865,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -17331,6 +27940,12 @@ spec:
For example, the infrastructure name `aws` will fetch artifacts from
https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
selector:
description: |-
Selector to be used for fetching provider’s components and metadata from
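Review bot: the new `oci` description says the operator picks the desired version "of the release from GitHub", which appears carried over from the GitHub-based fetch fields and is misleading for an OCI source. Suggest rewording it to say the version selects the artifact from the OCI registry, and stating what form the reference takes, since this string decides where provider components are pulled from.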
@@ -17365,11 +27980,13 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@@ -17388,6 +28005,9 @@ spec:
desired version of the release from GitHub.
type: string
type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
manager:
description: Manager defines the properties that can be enabled on
the controller manager for the provider.
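Review bot: the `exists_one` rule added at the end of this object rejects a value with none of `oci`, `url`, `selector` set, and this same change adds `fetchConfig: {}` as a default in the chart's values.yaml. If that default feeds this object, please confirm the templates omit the field entirely when it is empty rather than rendering an empty object, otherwise providers created from chart defaults will fail admission with "Must specify one and only one of {oci, url, selector}". It is also worth checking existing provider manifests that set both `url` and `selector`, which the schema accepted before this rule.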
@@ -17397,7 +28017,6 @@ spec:
CacheNamespace if specified restricts the manager's cache to watch objects in
the desired namespace Defaults to all namespaces
-
Note: If a namespace is specified, controllers can still Watch for a
cluster-scoped resource (e.g Node). For namespaced resources the cache
will only hold objects from the desired namespace.
@@ -17420,13 +28039,11 @@ spec:
GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
allowed for that controller.
-
When a controller is registered within this manager using the builder utilities,
users have to specify the type the controller reconciles in the For(...) call.
If the object's kind passed matches one of the keys in this map, the concurrency
for that controller is set to the number specified.
-
The key is expected to be consistent in form with GroupKind.String(),
e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
type: object
@@ -17622,20 +28239,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
+ This field may be empty.
type: string
severity:
description: |-
- Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
- description: Status of the condition, one of True, False, Unknown.
+ description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
- Type of condition in CamelCase or in foo.example.com/CamelCase.
+ type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -17666,6 +28283,14 @@ spec:
subresources:
status: {}
---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-manager
+ namespace: '{{ .Release.Namespace }}'
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -17740,7 +28365,7 @@ roleRef:
name: capi-operator-leader-election-role
subjects:
- kind: ServiceAccount
- name: default
+ name: capi-operator-manager
namespace: '{{ .Release.Namespace }}'
---
apiVersion: rbac.authorization.k8s.io/v1
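Review bot: switching the subject from `default` to `capi-operator-manager` only works if the operator Deployment also sets `serviceAccountName: capi-operator-manager`, which is not visible in this part of the diff. Without it the manager keeps running as `default` and loses the permissions bound here and in the manager-role binding below. The direction is right: binding these roles to `default` granted them to every pod in the release namespace that did not set its own service account.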
@@ -17755,7 +28380,7 @@ roleRef:
name: capi-operator-manager-role
subjects:
- kind: ServiceAccount
- name: default
+ name: capi-operator-manager
namespace: '{{ .Release.Namespace }}'
---
apiVersion: v1
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
index 212ee2ad..080378fd 100644
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
@@ -5,8 +5,10 @@ core: ""
bootstrap: ""
controlPlane: ""
infrastructure: ""
+ipam: ""
addon: ""
manager.featureGates: {}
+fetchConfig: {}
# ---
# Common configuration secret options
configSecret: {}
@@ -19,14 +21,14 @@ leaderElection:
image:
manager:
repository: registry.k8s.io/capi-operator/cluster-api-operator
- tag: v0.11.0
+ tag: v0.17.0
pullPolicy: IfNotPresent
env:
manager: []
-healthAddr: ":8081"
-metricsBindAddr: "127.0.0.1:8080"
-diagnosticsAddress: "8443"
+diagnosticsAddress: ":8443"
+healthAddr: ":9440"
insecureDiagnostics: false
+watchConfigSecret: false
imagePullSecrets: {}
resources:
manager:
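Review bot: `diagnosticsAddress` changes from "8443" to ":8443" and `healthAddr` from ":8081" to ":9440", while the loopback-only `metricsBindAddr: "127.0.0.1:8080"` is dropped, so diagnostics are now served on a wildcard address rather than on loopback. Please confirm the Deployment's probe ports and any Service, ServiceMonitor or NetworkPolicy that referenced 8080 or 8081 are updated in the same change, and that `insecureDiagnostics` stays `false` in cozystack's overrides. Separately, the manager image is still referenced by tag only (`v0.17.0`); pinning a digest alongside it would make the bump verifiable.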
diff --git a/packages/system/capi-providers/templates/providers.yaml b/packages/system/capi-providers/templates/providers.yaml
index 51402982..af06e089 100644
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -5,7 +5,7 @@ metadata:
name: cluster-api
spec:
# https://github.com/kubernetes-sigs/cluster-api
- version: v1.8.3
+ version: v1.9.5
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: ControlPlaneProvider
@@ -13,7 +13,7 @@ metadata:
name: kamaji
spec:
# https://github.com/clastix/cluster-api-control-plane-provider-kamaji
- version: v0.11.0
+ version: v0.14.1
deployment:
containers:
- name: manager
@@ -28,7 +28,7 @@ metadata:
name: kubeadm
spec:
# https://github.com/kubernetes-sigs/cluster-api
- version: v1.8.3
+ version: v1.9.5
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: InfrastructureProvider
diff --git a/packages/system/cilium/Makefile b/packages/system/cilium/Makefile
index eff6027a..e96d20ef 100644
--- a/packages/system/cilium/Makefile
+++ b/packages/system/cilium/Makefile
@@ -10,7 +10,7 @@ update:
rm -rf charts
helm repo add cilium https://helm.cilium.io/
helm repo update cilium
- helm pull cilium/cilium --untar --untardir charts --version 1.16
+ helm pull cilium/cilium --untar --untardir charts --version 1.17
sed -i -e '/Used in iptables/d' -e '/SYS_MODULE/d' charts/cilium/values.yaml
version=$$(awk '$$1 == "version:" {print $$2}' charts/cilium/Chart.yaml) && \
sed -i "s/ARG VERSION=.*/ARG VERSION=v$${version}/" images/cilium/Dockerfile
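Review bot: `--version 1.17` in the `update` target is not an exact chart version, and Chart.yaml in this same change ends up at 1.17.1, so the output of `make update` depends on what the repository serves on the day it is run. Suggest pinning the exact version and bumping it deliberately. Since the chart is pulled over the network and then vendored into the tree, consider `helm pull --verify` if the repository publishes provenance files, or a checksum check on the fetched archive.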
@@ -24,6 +24,7 @@ image:
--cache-to type=inline \
--metadata-file images/cilium.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
REPOSITORY="$(REGISTRY)/cilium" \
yq -i '.cilium.image.repository = strenv(REPOSITORY)' values.yaml
diff --git a/packages/system/cilium/charts/cilium/Chart.yaml b/packages/system/cilium/charts/cilium/Chart.yaml
index abb59fd7..517e8007 100644
--- a/packages/system/cilium/charts/cilium/Chart.yaml
+++ b/packages/system/cilium/charts/cilium/Chart.yaml
@@ -42,7 +42,10 @@ annotations:
\ name: ciliumenvoyconfigs.cilium.io\n displayName: Cilium Envoy Config\n description:
|\n Cilium Envoy Config specifies Envoy resources and K8s service mappings\n
\ to be provisioned into Cilium host proxy instances in namespace context.\n-
- kind: CiliumBGPPeeringPolicy\n version: v2alpha1\n name: ciliumbgppeeringpolicies.cilium.io\n
+ kind: CiliumNodeConfig\n version: v2\n name: ciliumnodeconfigs.cilium.io\n displayName:
+ Cilium Node Configuration\n description: |\n CiliumNodeConfig is a list of
+ configuration key-value pairs. It is applied to\n nodes indicated by a label
+ selector.\n- kind: CiliumBGPPeeringPolicy\n version: v2alpha1\n name: ciliumbgppeeringpolicies.cilium.io\n
\ displayName: Cilium BGP Peering Policy\n description: |\n Cilium BGP Peering
Policy instructs Cilium to create specific BGP peering\n configurations.\n-
kind: CiliumBGPClusterConfig\n version: v2alpha1\n name: ciliumbgpclusterconfigs.cilium.io\n
@@ -64,22 +67,19 @@ annotations:
can be used to override node specific BGP configuration.\n- kind: CiliumLoadBalancerIPPool\n
\ version: v2alpha1\n name: ciliumloadbalancerippools.cilium.io\n displayName:
Cilium Load Balancer IP Pool\n description: |\n Defining a Cilium Load Balancer
- IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n- kind: CiliumNodeConfig\n
- \ version: v2alpha1\n name: ciliumnodeconfigs.cilium.io\n displayName: Cilium
- Node Configuration\n description: |\n CiliumNodeConfig is a list of configuration
- key-value pairs. It is applied to\n nodes indicated by a label selector.\n-
- kind: CiliumCIDRGroup\n version: v2alpha1\n name: ciliumcidrgroups.cilium.io\n
- \ displayName: Cilium CIDR Group\n description: |\n CiliumCIDRGroup is a list
- of CIDRs that can be referenced as a single entity from CiliumNetworkPolicies.\n-
- kind: CiliumL2AnnouncementPolicy\n version: v2alpha1\n name: ciliuml2announcementpolicies.cilium.io\n
- \ displayName: Cilium L2 Announcement Policy\n description: |\n CiliumL2AnnouncementPolicy
+ IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n- kind: CiliumCIDRGroup\n
+ \ version: v2alpha1\n name: ciliumcidrgroups.cilium.io\n displayName: Cilium
+ CIDR Group\n description: |\n CiliumCIDRGroup is a list of CIDRs that can
+ be referenced as a single entity from CiliumNetworkPolicies.\n- kind: CiliumL2AnnouncementPolicy\n
+ \ version: v2alpha1\n name: ciliuml2announcementpolicies.cilium.io\n displayName:
+ Cilium L2 Announcement Policy\n description: |\n CiliumL2AnnouncementPolicy
is a policy which determines which service IPs will be announced to\n the local
area network, by which nodes, and via which interfaces.\n- kind: CiliumPodIPPool\n
\ version: v2alpha1\n name: ciliumpodippools.cilium.io\n displayName: Cilium
Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can
be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
apiVersion: v2
-appVersion: 1.16.6
+appVersion: 1.17.1
description: eBPF-based Networking, Security, and Observability
home: https://cilium.io/
icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
name: cilium
sources:
- https://github.com/cilium/cilium
-version: 1.16.6
+version: 1.17.1
diff --git a/packages/system/cilium/charts/cilium/README.md b/packages/system/cilium/charts/cilium/README.md
index 7737f8b9..0f0ec17f 100644
--- a/packages/system/cilium/charts/cilium/README.md
+++ b/packages/system/cilium/charts/cilium/README.md
@@ -1,6 +1,6 @@
# cilium
- 
+ 
Cilium is open source software for providing and transparently securing
network connectivity and loadbalancing between application workloads such as
@@ -77,13 +77,15 @@ contributors across the globe, there is almost always someone available to help.
| authentication.mutual.spire.install.agent.labels | object | `{}` | SPIRE agent labels |
| authentication.mutual.spire.install.agent.nodeSelector | object | `{}` | SPIRE agent nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| authentication.mutual.spire.install.agent.podSecurityContext | object | `{}` | Security context to be added to spire agent pods. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
+| authentication.mutual.spire.install.agent.priorityClassName | string | `""` | The priority class to use for the spire agent |
+| authentication.mutual.spire.install.agent.resources | object | `{}` | container resource limits & requests |
| authentication.mutual.spire.install.agent.securityContext | object | `{}` | Security context to be added to spire agent containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| authentication.mutual.spire.install.agent.serviceAccount | object | `{"create":true,"name":"spire-agent"}` | SPIRE agent service account |
| authentication.mutual.spire.install.agent.skipKubeletVerification | bool | `true` | SPIRE Workload Attestor kubelet verification. |
| authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
| authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
-| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server |
+| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
| authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
| authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
| authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
@@ -98,6 +100,8 @@ contributors across the globe, there is almost always someone available to help.
| authentication.mutual.spire.install.server.labels | object | `{}` | SPIRE server labels |
| authentication.mutual.spire.install.server.nodeSelector | object | `{}` | SPIRE server nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| authentication.mutual.spire.install.server.podSecurityContext | object | `{}` | Security context to be added to spire server pods. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
+| authentication.mutual.spire.install.server.priorityClassName | string | `""` | The priority class to use for the spire server |
+| authentication.mutual.spire.install.server.resources | object | `{}` | container resource limits & requests |
| authentication.mutual.spire.install.server.securityContext | object | `{}` | Security context to be added to spire server containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| authentication.mutual.spire.install.server.service.annotations | object | `{}` | Annotations to be added to the SPIRE server service |
| authentication.mutual.spire.install.server.service.labels | object | `{}` | Labels to be added to the SPIRE server service |
@@ -113,29 +117,34 @@ contributors across the globe, there is almost always someone available to help.
| bandwidthManager | object | `{"bbr":false,"enabled":false}` | Enable bandwidth manager to optimize TCP and UDP workloads and allow for rate-limiting traffic from individual Pods with EDT (Earliest Departure Time) through the "kubernetes.io/egress-bandwidth" Pod annotation. |
| bandwidthManager.bbr | bool | `false` | Activate BBR TCP congestion control for Pods |
| bandwidthManager.enabled | bool | `false` | Enable bandwidth manager infrastructure (also prerequirement for BBR) |
-| bgp | object | `{"announce":{"loadbalancerIP":false,"podCIDR":false},"enabled":false}` | Configure BGP |
-| bgp.announce.loadbalancerIP | bool | `false` | Enable allocation and announcement of service LoadBalancer IPs |
-| bgp.announce.podCIDR | bool | `false` | Enable announcement of node pod CIDR |
-| bgp.enabled | bool | `false` | Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside cilium-agent and cilium-operator |
-| bgpControlPlane | object | `{"enabled":false,"secretsNamespace":{"create":false,"name":"kube-system"}}` | This feature set enables virtual BGP routers to be created via CiliumBGPPeeringPolicy CRDs. |
+| bgpControlPlane | object | `{"enabled":false,"secretsNamespace":{"create":false,"name":"kube-system"},"statusReport":{"enabled":true}}` | This feature set enables virtual BGP routers to be created via CiliumBGPPeeringPolicy CRDs. |
| bgpControlPlane.enabled | bool | `false` | Enables the BGP control plane. |
| bgpControlPlane.secretsNamespace | object | `{"create":false,"name":"kube-system"}` | SecretsNamespace is the namespace which BGP support will retrieve secrets from. |
| bgpControlPlane.secretsNamespace.create | bool | `false` | Create secrets namespace for BGP secrets. |
| bgpControlPlane.secretsNamespace.name | string | `"kube-system"` | The name of the secret namespace to which Cilium agents are given read access |
+| bgpControlPlane.statusReport | object | `{"enabled":true}` | Status reporting settings (BGPv2 only) |
+| bgpControlPlane.statusReport.enabled | bool | `true` | Enable/Disable BGPv2 status reporting It is recommended to enable status reporting in general, but if you have any issue such as high API server load, you can disable it by setting this to false. |
| bpf.authMapMax | int | `524288` | Configure the maximum number of entries in auth map. |
| bpf.autoMount.enabled | bool | `true` | Enable automatic mount of BPF filesystem When `autoMount` is enabled, the BPF filesystem is mounted at `bpf.root` path on the underlying host and inside the cilium agent pod. If users disable `autoMount`, it's expected that users have mounted bpffs filesystem at the specified `bpf.root` volume, and then the volume will be mounted inside the cilium agent pod at the same path. |
+| bpf.ctAccounting | bool | `false` | Enable CT accounting for packets and bytes |
| bpf.ctAnyMax | int | `262144` | Configure the maximum number of entries for the non-TCP connection tracking table. |
| bpf.ctTcpMax | int | `524288` | Configure the maximum number of entries in the TCP connection tracking table. |
| bpf.datapathMode | string | `veth` | Mode for Pod devices for the core datapath (veth, netkit, netkit-l2, lb-only) |
| bpf.disableExternalIPMitigation | bool | `false` | Disable ExternalIP mitigation (CVE-2020-8554) |
| bpf.enableTCX | bool | `true` | Attach endpoint programs using tcx instead of legacy tc hooks on supported kernels. |
-| bpf.events | object | `{"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. |
+| bpf.events | object | `{"default":{"burstLimit":null,"rateLimit":null},"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. Helm configuration for BPF events map rate limiting is experimental and might change in upcoming releases. |
+| bpf.events.default | object | `{"burstLimit":null,"rateLimit":null}` | Default settings for all types of events except dbg and pcap. |
+| bpf.events.default.burstLimit | int | `0` | Configure the maximum number of messages that can be written to BPF events map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must also be provided lest the configuration is considered invalid. Setting both burstLimit and rateLimit to 0 disables BPF events rate limiting. |
+| bpf.events.default.rateLimit | int | `0` | Configure the limit of messages per second that can be written to BPF events map. The number of messages is averaged, meaning that if no messages were written to the map over 5 seconds, it's possible to write more events in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must also be provided lest the configuration is considered invalid. Setting both burstLimit and rateLimit to 0 disables BPF events rate limiting. |
| bpf.events.drop.enabled | bool | `true` | Enable drop events. |
| bpf.events.policyVerdict.enabled | bool | `true` | Enable policy verdict events. |
| bpf.events.trace.enabled | bool | `true` | Enable trace events. |
| bpf.hostLegacyRouting | bool | `false` | Configure whether direct routing mode should route traffic via host stack (true) or directly and more efficiently out of BPF (false) if the kernel supports it. The latter has the implication that it will also bypass netfilter in the host namespace. |
+| bpf.lbAlgorithmAnnotation | bool | `false` | Enable the option to define the load balancing algorithm on a per-service basis through service.cilium.io/lb-algorithm annotation. |
| bpf.lbExternalClusterIP | bool | `false` | Allow cluster external access to ClusterIP services. |
| bpf.lbMapMax | int | `65536` | Configure the maximum number of service entries in the load balancer maps. |
+| bpf.lbModeAnnotation | bool | `false` | Enable the option to define the load balancing mode (SNAT or DSR) on a per-service basis through service.cilium.io/forwarding-mode annotation. |
+| bpf.lbSourceRangeAllTypes | bool | `false` | Enable loadBalancerSourceRanges CIDR filtering for all service types, not just LoadBalancer services. The corresponding NodePort and ClusterIP (if enabled for cluster-external traffic) will also apply the CIDR filter. |
| bpf.mapDynamicSizeRatio | float64 | `0.0025` | Configure auto-sizing for all BPF maps based on available memory. ref: https://docs.cilium.io/en/stable/network/ebpf/maps/ |
| bpf.masquerade | bool | `false` | Enable native IP masquerade support in eBPF |
| bpf.monitorAggregation | string | `"medium"` | Configure the level of aggregation for monitor notifications. Valid options are none, low, medium, maximum. |
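Review bot: the legacy `bgp`, `bgp.enabled` and `bgp.announce.*` rows are removed from the values table here, so any cozystack override that still sets them no longer has a documented effect after the move to 1.17.1. Please search the platform's cilium values for `bgp.` keys and move them to `bgpControlPlane` where applicable before merging. Minor: the new `bpf.events` row shows `burstLimit` and `rateLimit` as `null` inside the object default while their own rows list the default as `0`, which is worth knowing when comparing against rendered config.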
@@ -147,15 +156,18 @@ contributors across the globe, there is almost always someone available to help.
| bpf.policyMapMax | int | `16384` | Configure the maximum number of entries in endpoint policy map (per endpoint). @schema type: [null, integer] @schema |
| bpf.preallocateMaps | bool | `false` | Enables pre-allocation of eBPF map values. This increases memory usage but can reduce latency. |
| bpf.root | string | `"/sys/fs/bpf"` | Configure the mount point for the BPF filesystem |
-| bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY to reduce reliance on iptables rules for implementing Layer 7 policy. |
+| bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules for implementing Layer 7 policy. |
| bpf.vlanBypass | list | `[]` | Configure explicitly allowed VLAN id's for bpf logic bypass. [0] will allow all VLAN id's without any filtering. |
| bpfClockProbe | bool | `false` | Enable BPF clock source probing for more efficient tick retrieval. |
-| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:169d93fd8f2f9009db3b9d5ccd37c2b753d0989e1e7cd8fe79f9160c459eef4f","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.2.0","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. |
+| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"generateCA":true,"image":{"digest":"sha256:ab6b1928e9c5f424f6b0f51c68065b9fd85e2f8d3e5f21fbd1a3cb27e6fb9321","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.2.1","useDigest":true},"nodeSelector":{},"podLabels":{},"priorityClassName":"","tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. |
| certgen.affinity | object | `{}` | Affinity for certgen |
| certgen.annotations | object | `{"cronJob":{},"job":{}}` | Annotations to be added to the hubble-certgen initial Job and CronJob |
| certgen.extraVolumeMounts | list | `[]` | Additional certgen volumeMounts. |
| certgen.extraVolumes | list | `[]` | Additional certgen volumes. |
+| certgen.generateCA | bool | `true` | When set to true the certificate authority secret is created. |
+| certgen.nodeSelector | object | `{}` | Node selector for certgen ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| certgen.podLabels | object | `{}` | Labels to be added to hubble-certgen pods |
+| certgen.priorityClassName | string | `""` | Priority class for certgen ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| certgen.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| certgen.ttlSecondsAfterFinished | int | `1800` | Seconds after which the completed job pod will be deleted |
| cgroup | object | `{"autoMount":{"enabled":true,"resources":{}},"hostRoot":"/run/cilium/cgroupv2"}` | Configure cgroup related configuration |
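Review bot: the new `certgen.generateCA` row says only that the CA secret is created when the value is true; it should also say what certgen expects when it is false, that is, where the CA secret has to come from, since that is the case an operator supplying their own CA cares about. The certgen image also moves from v0.2.0 to v0.2.1 with `useDigest` still true, so confirm the new sha256 digest against the upstream image for that tag before merging.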
@@ -163,7 +175,8 @@ contributors across the globe, there is almost always someone available to help.
| cgroup.autoMount.resources | object | `{}` | Init Container Cgroup Automount resource limits & requests |
| cgroup.hostRoot | string | `"/run/cilium/cgroupv2"` | Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`) |
| ciliumEndpointSlice.enabled | bool | `false` | Enable Cilium EndpointSlice feature. |
-| ciliumEndpointSlice.rateLimits | list | `[{"burst":20,"limit":10,"nodes":0},{"burst":15,"limit":7,"nodes":100},{"burst":10,"limit":5,"nodes":500}]` | List of rate limit options to be used for the CiliumEndpointSlice controller. Each object in the list must have the following fields: nodes: Count of nodes at which to apply the rate limit. limit: The sustained request rate in requests per second. The maximum rate that can be configured is 50. burst: The burst request rate in requests per second. The maximum burst that can be configured is 100. |
+| ciliumEndpointSlice.rateLimits | list | `[{"burst":20,"limit":10,"nodes":0},{"burst":100,"limit":50,"nodes":100}]` | List of rate limit options to be used for the CiliumEndpointSlice controller. Each object in the list must have the following fields: nodes: Count of nodes at which to apply the rate limit. limit: The sustained request rate in requests per second. The maximum rate that can be configured is 50. burst: The burst request rate in requests per second. The maximum burst that can be configured is 100. |
+| ciliumEndpointSlice.sliceMode | string | `"identity"` | The slicing mode to use for CiliumEndpointSlices. identity groups together CiliumEndpoints that share the same identity. fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first. |
| cleanBpfState | bool | `false` | Clean all eBPF datapath state from the initContainer of the cilium-agent DaemonSet. WARNING: Use with care! |
| cleanState | bool | `false` | Clean all local Cilium state from the initContainer of the cilium-agent DaemonSet. Implies cleanBpfState: true. WARNING: Use with care! |
| cluster.id | int | `0` | Unique ID of the cluster. Must be unique across all connected clusters and in the range of 1 to 255. Only required for Cluster Mesh, may be 0 if Cluster Mesh is not used. |
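Review bot: the new `ciliumEndpointSlice.rateLimits` default sets the 100-node tier to `limit: 50` and `burst: 100`, which the same description gives as the maximum configurable values, and drops the 500-node tier. Clusters of 100 nodes or more that relied on the old defaults (limit 7 / burst 15, then limit 5 / burst 10 from 500 nodes) will issue requests at a much higher rate after this upgrade. State that in the upgrade notes, or pin the previous list in the platform values if the change is not intended.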
@@ -182,7 +195,7 @@ contributors across the globe, there is almost always someone available to help.
| clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
| clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
| clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.6","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.1","useDigest":true}` | Clustermesh API server image. |
| clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
| clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
| clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
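Review bot: `clustermesh.apiserver.image` goes from v1.16.6 to v1.17.1, a minor-release jump rather than a patch bump, and the pinned digest changes with it. Confirm the sha256 against the upstream image for that tag, and name the 1.17 upgrade in the change description so the other default changes in this table are read as part of it.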
@@ -224,12 +237,13 @@ contributors across the globe, there is almost always someone available to help.
| clustermesh.apiserver.replicas | int | `1` | Number of replicas run for the clustermesh-apiserver deployment. |
| clustermesh.apiserver.resources | object | `{}` | Resource requests and limits for the clustermesh-apiserver |
| clustermesh.apiserver.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Security context to be added to clustermesh-apiserver containers |
-| clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true" |
+| clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver service. Example annotations to configure an internal load balancer on different cloud providers: * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true" * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" * GKE: networking.gke.io/load-balancer-type: "Internal" |
| clustermesh.apiserver.service.enableSessionAffinity | string | `"HAOnly"` | Defines when to enable session affinity. Each replica in a clustermesh-apiserver deployment runs its own discrete etcd cluster. Remote clients connect to one of the replicas through a shared Kubernetes Service. A client reconnecting to a different backend will require a full resync to ensure data integrity. Session affinity can reduce the likelihood of this happening, but may not be supported by all cloud providers. Possible values: - "HAOnly" (default) Only enable session affinity for deployments with more than 1 replica. - "Always" Always enable session affinity. - "Never" Never enable session affinity. Useful in environments where session affinity is not supported, but may lead to slightly degraded performance due to more frequent reconnections. |
| clustermesh.apiserver.service.externalTrafficPolicy | string | `"Cluster"` | The externalTrafficPolicy of service used for apiserver access. |
| clustermesh.apiserver.service.internalTrafficPolicy | string | `"Cluster"` | The internalTrafficPolicy of service used for apiserver access. |
| clustermesh.apiserver.service.loadBalancerClass | string | `nil` | Configure a loadBalancerClass. Allows to configure the loadBalancerClass on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer (requires Kubernetes 1.24+). |
| clustermesh.apiserver.service.loadBalancerIP | string | `nil` | Configure a specific loadBalancerIP. Allows to configure a specific loadBalancerIP on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. |
+| clustermesh.apiserver.service.loadBalancerSourceRanges | list | `[]` | Configure loadBalancerSourceRanges. Allows to configure the source IP ranges allowed to access the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. |
| clustermesh.apiserver.service.nodePort | int | `32379` | Optional port to use as the node port for apiserver access. WARNING: make sure to configure a different NodePort in each cluster if kube-proxy replacement is enabled, as Cilium is currently affected by a known bug (#24692) when NodePorts are handled by the KPR implementation. If a service with the same NodePort exists both in the local and the remote cluster, all traffic originating from inside the cluster and targeting the corresponding NodePort will be redirected to a local backend, regardless of whether the destination node belongs to the local or the remote cluster. |
| clustermesh.apiserver.service.type | string | `"NodePort"` | The type of service used for apiserver access. |
| clustermesh.apiserver.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for the clustermesh-apiserver deployment |
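Review bot: `clustermesh.apiserver.service.loadBalancerSourceRanges` defaults to `[]`, so a Service switched to type LoadBalancer gets no source range from the chart unless the operator sets one. The description should say what an empty list means, and a deployment that exposes the clustermesh-apiserver this way should list the peer clusters' ranges. In the `service.annotations` row the EKS and GKE example keys changed (`aws-load-balancer-internal: "true"` to `aws-load-balancer-scheme: "internal"`, `cloud.google.com/load-balancer-type` to `networking.gke.io/load-balancer-type`), so recheck any values copied from the old text.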
@@ -270,6 +284,7 @@ contributors across the globe, there is almost always someone available to help.
| cni.logFile | string | `"/var/run/cilium/cilium-cni.log"` | Configure the log file for CNI logging with retention policy of 7 days. Disable CNI file logging by setting this field to empty explicitly. |
| cni.resources | object | `{"requests":{"cpu":"100m","memory":"10Mi"}}` | Specifies the resources for the cni initContainer |
| cni.uninstall | bool | `false` | Remove the CNI configuration and binary files on agent shutdown. Enable this if you're removing Cilium from the cluster. Disable this to prevent the CNI configuration file from being removed during agent upgrade, which can cause nodes to go unmanageable. |
+| commonLabels | object | `{}` | commonLabels allows users to add common labels for all Cilium resources. |
| conntrackGCInterval | string | `"0s"` | Configure how frequently garbage collection should occur for the datapath connection tracking table. |
| conntrackGCMaxInterval | string | `""` | Configure the maximum frequency for the garbage collection of the connection tracking table. Only affects the automatic computation for the frequency and has no effect when 'conntrackGCInterval' is set. This can be set to more frequently clean up unused identities created from ToFQDN policies. |
| crdWaitTimeout | string | `"5m"` | Configure timeout in which Cilium will exit if CRDs are not available |
@@ -278,16 +293,18 @@ contributors across the globe, there is almost always someone available to help.
| daemon.allowedConfigOverrides | string | `nil` | allowedConfigOverrides is a list of config-map keys that can be overridden. That is to say, if this value is set, config sources (excepting the first one) can only override keys in this list. This takes precedence over blockedConfigOverrides. By default, all keys may be overridden. To disable overrides, set this to "none" or change the configSources variable. |
| daemon.blockedConfigOverrides | string | `nil` | blockedConfigOverrides is a list of config-map keys that may not be overridden. In other words, if any of these keys appear in a configuration source excepting the first one, they will be ignored This is ignored if allowedConfigOverrides is set. By default, all keys may be overridden. |
| daemon.configSources | string | `nil` | Configure a custom list of possible configuration override sources The default is "config-map:cilium-config,cilium-node-config". For supported values, see the help text for the build-config subcommand. Note that this value should be a comma-separated string. |
+| daemon.enableSourceIPVerification | bool | `true` | enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification of endpoints. This flag is useful when Cilium is chained with other CNIs. By default, this functionality is enabled |
| daemon.runPath | string | `"/var/run/cilium"` | Configure where Cilium runtime state should be stored. |
| dashboards | object | `{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null}` | Grafana dashboards for cilium-agent grafana can import dashboards based on the label and value ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#sidecar-for-dashboards |
| debug.enabled | bool | `false` | Enable debug logging |
| debug.verbose | string | `nil` | Configure verbosity levels for debug logging This option is used to enable debug messages for operations related to such sub-system such as (e.g. kvstore, envoy, datapath or policy), and flow is for enabling debug messages emitted per request, message and connection. Multiple values can be set via a space-separated string (e.g. "datapath envoy"). Applicable values: - flow - kvstore - envoy - datapath - policy |
+| defaultLBServiceIPAM | string | `"lbipam"` | defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none @schema type: [string] @schema |
| directRoutingSkipUnreachable | bool | `false` | Enable skipping of PodCIDR routes between worker nodes if the worker nodes are in a different L2 network segment. |
| disableEndpointCRD | bool | `false` | Disable the usage of CiliumEndpoint CRD. |
| dnsPolicy | string | `""` | DNS policy for Cilium agent pods. Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
| dnsProxy.dnsRejectResponseCode | string | `"refused"` | DNS response code for rejecting DNS requests, available options are '[nameError refused]'. |
| dnsProxy.enableDnsCompression | bool | `true` | Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. |
-| dnsProxy.endpointMaxIpPerHostname | int | `50` | Maximum number of IPs to maintain per FQDN name for each endpoint. |
+| dnsProxy.endpointMaxIpPerHostname | int | `1000` | Maximum number of IPs to maintain per FQDN name for each endpoint. |
| dnsProxy.idleConnectionGracePeriod | string | `"0s"` | Time during which idle but previously active connections with expired DNS lookups are still considered alive. |
| dnsProxy.maxDeferredConnectionDeletes | int | `10000` | Maximum number of IPs to retain for expired DNS lookups with still-active connections. |
| dnsProxy.minTtl | int | `0` | The minimum time, in seconds, to use DNS data for toFQDNs policies. If the upstream DNS server returns a DNS record with a shorter TTL, Cilium overwrites the TTL with this value. Setting this value to zero means that Cilium will honor the TTLs returned by the upstream DNS server. |
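Review bot: `dnsProxy.endpointMaxIpPerHostname` changes its default from 50 to 1000 near the end of this hunk with no note on the effect. That is a twentyfold increase in the IPs kept per FQDN for each endpoint, so either confirm it is wanted for this platform or keep 50 in the values override. Two description issues in the added rows: `daemon.enableSourceIPVerification` does not say what protection is lost when the check is turned off for CNI chaining, and `defaultLBServiceIPAM` ends with raw `@schema type: [string] @schema` annotation text.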
@@ -303,8 +320,11 @@ contributors across the globe, there is almost always someone available to help.
| enableIPv4Masquerade | bool | `true` | Enables masquerading of IPv4 traffic leaving the node from endpoints. |
| enableIPv6BIGTCP | bool | `false` | Enables IPv6 BIG TCP support which increases maximum IPv6 GSO/GRO limits for nodes and pods |
| enableIPv6Masquerade | bool | `true` | Enables masquerading of IPv6 traffic leaving the node from endpoints. |
+| enableInternalTrafficPolicy | bool | `true` | Enable Internal Traffic Policy |
| enableK8sTerminatingEndpoint | bool | `true` | Configure whether to enable auto detect of terminating state for endpoints in order to support graceful termination. |
+| enableLBIPAM | bool | `true` | Enable LoadBalancer IP Address Management |
| enableMasqueradeRouteSource | bool | `false` | Enables masquerading to the source of the route for traffic leaving the node from endpoints. |
+| enableNonDefaultDenyPolicies | bool | `true` | Enable Non-Default-Deny policies |
| enableRuntimeDeviceDetection | bool | `true` | Enables experimental support for the detection of new and removed datapath devices. When devices change the eBPF datapath is reloaded and services updated. If "devices" is set then only those devices, or devices matching a wildcard will be considered. This option has been deprecated and is a no-op. |
| enableXTSocketFallback | bool | `true` | Enables the fallback compatibility solution for when the xt_socket kernel module is missing and it is needed for the datapath L7 redirection to work properly. See documentation for details on when this can be disabled: https://docs.cilium.io/en/stable/operations/system_requirements/#linux-kernel. |
| encryption.enabled | bool | `false` | Enable transparent network encryption. |
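Review bot: the three added rows (`enableInternalTrafficPolicy`, `enableLBIPAM`, `enableNonDefaultDenyPolicies`) all default to `true`, and their descriptions only restate the key name. For `enableNonDefaultDenyPolicies` in particular, add a sentence on how enabling it changes policy enforcement, because "Enable Non-Default-Deny policies" does not tell a reader whether the default posture becomes looser or stricter.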
@@ -322,8 +342,8 @@ contributors across the globe, there is almost always someone available to help.
| encryption.strictMode.enabled | bool | `false` | Enable WireGuard Pod2Pod strict mode. |
| encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. |
| encryption.wireguard.persistentKeepalive | string | `"0s"` | Controls WireGuard PersistentKeepalive option. Set 0s to disable. |
-| encryption.wireguard.userspaceFallback | bool | `false` | Enables the fallback to the user-space implementation (deprecated). |
| endpointHealthChecking.enabled | bool | `true` | Enable connectivity health checking between virtual endpoints. |
+| endpointLockdownOnMapOverflow | bool | `false` | Enable endpoint lockdown on policy map overflow. |
| endpointRoutes.enabled | bool | `false` | Enable use of per endpoint routes instead of routing via the cilium_host interface. |
| eni.awsEnablePrefixDelegation | bool | `false` | Enable ENI prefix delegation |
| eni.awsReleaseExcessIPs | bool | `false` | Release IPs not used from the ENI |
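Review bot: `encryption.wireguard.userspaceFallback` is removed here, so any values file that still sets it should be cleaned up in the same change. The new `endpointLockdownOnMapOverflow` row (default `false`) needs a description of what lockdown does to an endpoint's traffic, and of what happens on policy map overflow when the option stays off.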
@@ -340,6 +360,7 @@ contributors across the globe, there is almost always someone available to help.
| envoy.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"cilium.io/no-schedule","operator":"NotIn","values":["true"]}]}]}},"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. |
| envoy.annotations | object | `{}` | Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy) |
| envoy.baseID | int | `0` | Set Envoy'--base-id' to use when allocating shared memory regions. Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0' |
+| envoy.bootstrapConfigMap | string | `nil` | ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key. When specified, Envoy will use this ConfigMap instead of the default provided by the chart. WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support cannot be provided for custom Envoy bootstrap configs. @schema type: [null, string] @schema |
| envoy.connectTimeoutSeconds | int | `2` | Time in seconds after which a TCP connection attempt times out |
| envoy.debug.admin.enabled | bool | `false` | Enable admin interface for cilium-envoy. This is useful for debugging and should not be enabled in production. |
| envoy.debug.admin.port | int | `9901` | Port number (bound to loopback interface). kubectl port-forward can be used to access the admin interface. |
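Review bot: the `envoy.bootstrapConfigMap` description ends with raw `@schema type: [null, string] @schema` annotation text that should not reach the rendered table. Because the named ConfigMap is used instead of the chart's own Envoy bootstrap, the row should also state that write access to that ConfigMap amounts to control of the cilium-envoy configuration. The platform defaults should leave the value at `nil`.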
@@ -352,13 +373,18 @@ contributors across the globe, there is almost always someone available to help.
| envoy.extraVolumeMounts | list | `[]` | Additional envoy volumeMounts. |
| envoy.extraVolumes | list | `[]` | Additional envoy volumes. |
| envoy.healthPort | int | `9878` | TCP port for the health API. |
+| envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request |
| envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
-| envoy.image | object | `{"digest":"sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5","useDigest":true}` | Envoy container image. |
+| envoy.image | object | `{"digest":"sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae","useDigest":true}` | Envoy container image. |
| envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
| envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
| envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
-| envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. |
+| envoy.log.accessLogBufferSize | int | `4096` | Size of the Envoy access log buffer created within the agent in bytes. Tune this value up if you encounter "Envoy: Discarded truncated access log message" errors. Large request/response header sizes (e.g. 16KiB) will require a larger buffer size. |
+| envoy.log.defaultLevel | string | Defaults to the default log level of the Cilium Agent - `info` | Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled. This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`. Possible values: trace, debug, info, warning, error, critical, off |
+| envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output. This setting is mutually exclusive with envoy.log.format_json. |
+| envoy.log.format_json | string | `nil` | The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format. ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format |
| envoy.log.path | string | `""` | Path to a separate Envoy log file, if any. Defaults to /dev/stdout. |
+| envoy.maxConcurrentRetries | int | `128` | Maximum number of concurrent retries on Envoy clusters |
| envoy.maxConnectionDurationSeconds | int | `0` | Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable) |
| envoy.maxRequestsPerConnection | int | `0` | ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy |
| envoy.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for cilium-envoy. |
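Review bot: `envoy.log.format` and the new `envoy.log.format_json` are described as mutually exclusive, but `format` keeps a non-empty default, so the rows should say which one wins or that `format` must be cleared before `format_json` is set. The `envoy.log.defaultLevel` row also puts a sentence in the default column where every other row has a value; move that text into the description and leave `info` as the default.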
@@ -425,6 +451,7 @@ contributors across the globe, there is almost always someone available to help.
| gatewayAPI.secretsNamespace.sync | bool | `true` | Enable secret sync, which will make sure all TLS secrets used by Ingress are synced to secretsNamespace.name. If disabled, TLS secrets must be maintained externally. |
| gatewayAPI.xffNumTrustedHops | int | `0` | The number of additional GatewayAPI proxy hops from the right side of the HTTP header to trust when determining the origin client's IP address. |
| gke.enabled | bool | `false` | Enable Google Kubernetes Engine integration |
+| healthCheckICMPFailureThreshold | int | `3` | Number of ICMP requests sent for each health check before marking a node or endpoint unreachable. |
| healthChecking | bool | `true` | Enable connectivity health checking. |
| healthPort | int | `9879` | TCP port for the agent health API. This is not the port for cilium-health. |
| highScaleIPcache | object | `{"enabled":false}` | EnableHighScaleIPcache enables the special ipcache mode for high scale clusters. The ipcache content will be reduced to the strict minimum and traffic will be encapsulated to carry security identities. |
@@ -446,8 +473,11 @@ contributors across the globe, there is almost always someone available to help.
| hubble.export.fileMaxSizeMb | int | `10` | - Defines max file size of output file before it gets rotated. |
| hubble.export.static | object | `{"allowList":[],"denyList":[],"enabled":false,"fieldMask":[],"filePath":"/var/run/cilium/hubble/events.log"}` | - Static exporter configuration. Static exporter is bound to agent lifecycle. |
| hubble.listenAddress | string | `":4244"` | An additional address for Hubble to listen to. Set this field ":4244" if you are enabling Hubble Relay, as it assumes that Hubble is listening on port 4244. |
-| hubble.metrics | object | `{"dashboards":{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null},"enableOpenMetrics":false,"enabled":null,"port":9965,"serviceAnnotations":{},"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"tlsConfig":{}},"tls":{"enabled":false,"server":{"cert":"","existingSecret":"","extraDnsNames":[],"extraIpAddresses":[],"key":"","mtls":{"enabled":false,"key":"ca.crt","name":null,"useSecret":false}}}}` | Hubble metrics configuration. See https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics for more comprehensive documentation about Hubble metrics. |
+| hubble.metrics | object | `{"dashboards":{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null},"dynamic":{"config":{"configMapName":"cilium-dynamic-metrics-config","content":[{"contextOptions":[],"excludeFilters":[],"includeFilters":[],"name":"all"}],"createConfigMap":true},"enabled":false},"enableOpenMetrics":false,"enabled":null,"port":9965,"serviceAnnotations":{},"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"tlsConfig":{}},"tls":{"enabled":false,"server":{"cert":"","existingSecret":"","extraDnsNames":[],"extraIpAddresses":[],"key":"","mtls":{"enabled":false,"key":"ca.crt","name":null,"useSecret":false}}}}` | Hubble metrics configuration. See https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics for more comprehensive documentation about Hubble metrics. |
| hubble.metrics.dashboards | object | `{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null}` | Grafana dashboards for hubble grafana can import dashboards based on the label and value ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#sidecar-for-dashboards |
+| hubble.metrics.dynamic.config.configMapName | string | `"cilium-dynamic-metrics-config"` | -- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent. |
+| hubble.metrics.dynamic.config.content | list | `[{"contextOptions":[],"excludeFilters":[],"includeFilters":[],"name":"all"}]` | -- Exporters configuration in YAML format. |
+| hubble.metrics.dynamic.config.createConfigMap | bool | `true` | -- True if helm installer should create config map. Switch to false if you want to self maintain the file content. |
| hubble.metrics.enableOpenMetrics | bool | `false` | Enables exporting hubble metrics in OpenMetrics format. |
| hubble.metrics.enabled | string | `nil` | Configures the list of metrics to collect. If empty or null, metrics are disabled. Example: enabled: - dns:query;ignoreAAAA - drop - tcp - flow - icmp - http You can specify the list of metrics from the helm CLI: --set hubble.metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}" |
| hubble.metrics.port | int | `9965` | Configure the port the hubble metric server listens on. |
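Review bot: `hubble.metrics.dynamic.enabled` appears only inside the `hubble.metrics` object default. There is no row for it beside the three `hubble.metrics.dynamic.config.*` rows, so the switch that turns the feature on is undocumented. The three added descriptions also begin with a stray `-- `. Since the ConfigMap can reconfigure metric handlers in a running agent, the `configMapName` row should say that write access to it has to be restricted.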
@@ -478,14 +508,14 @@ contributors across the globe, there is almost always someone available to help.
| hubble.redact.kafka.apiKey | bool | `false` | Enables redacting Kafka's API key. Example: redact: enabled: true kafka: apiKey: true You can specify the options from the helm CLI: --set hubble.redact.enabled="true" --set hubble.redact.kafka.apiKey="true" |
| hubble.relay.affinity | object | `{"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for hubble-replay |
| hubble.relay.annotations | object | `{}` | Annotations to be added to all top-level hubble-relay objects (resources under templates/hubble-relay) |
-| hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). |
+| hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). This option has been deprecated and is a no-op. |
| hubble.relay.enabled | bool | `false` | Enable Hubble Relay (requires hubble.enabled=true) |
| hubble.relay.extraEnv | list | `[]` | Additional hubble-relay environment variables. |
| hubble.relay.extraVolumeMounts | list | `[]` | Additional hubble-relay volumeMounts. |
| hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
| hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
| hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
-| hubble.relay.image | object | `{"digest":"sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.6","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.1","useDigest":true}` | Hubble-relay container image. |
| hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
| hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
| hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
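Review bot: `hubble.relay.dialTimeout` is now documented as deprecated and a no-op, so any values that still set it should be dropped in this change rather than carried forward silently. The unchanged `hubble.relay.affinity` row just above it reads "Affinity for hubble-replay", which is worth correcting where the table is generated.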
@@ -513,7 +543,7 @@ contributors across the globe, there is almost always someone available to help.
| hubble.relay.securityContext | object | `{"capabilities":{"drop":["ALL"]},"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | hubble-relay container security context |
| hubble.relay.service | object | `{"nodePort":31234,"type":"ClusterIP"}` | hubble-relay service configuration. |
| hubble.relay.service.nodePort | int | `31234` | - The port to use when the service type is set to NodePort. |
-| hubble.relay.service.type | string | `"ClusterIP"` | - The type of service used for Hubble Relay access, either ClusterIP or NodePort. |
+| hubble.relay.service.type | string | `"ClusterIP"` | - The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer. |
| hubble.relay.sortBufferDrainTimeout | string | `nil` | When the per-request flows sort buffer is not full, a flow is drained every time this timeout is reached (only affects requests in follow-mode) (e.g. "1s"). |
| hubble.relay.sortBufferLenMax | int | `nil` | Max number of flows that can be buffered for sorting before being sent to the client (per request) (e.g. 100). |
| hubble.relay.terminationGracePeriodSeconds | int | `1` | Configure termination grace period for hubble relay Deployment. |
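Review bot: `hubble.relay.service.type` now lists LoadBalancer, but the `hubble.relay.service` object shown in this hunk has only `nodePort` and `type`, with nothing to limit source ranges. Relay serves flow data, so the description should point to Relay's TLS settings and say that LoadBalancer exposure needs a restriction applied outside this chart value.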
@@ -567,6 +597,7 @@ contributors across the globe, there is almost always someone available to help.
| hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. |
| hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 |
| hubble.ui.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":["chart-example.local"],"labels":{},"tls":[]}` | hubble-ui ingress configuration. |
+| hubble.ui.labels | object | `{}` | Additional labels to be added to 'hubble-ui' deployment object |
| hubble.ui.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| hubble.ui.podAnnotations | object | `{}` | Annotations to be added to hubble-ui pods |
| hubble.ui.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
@@ -589,9 +620,9 @@ contributors across the globe, there is almost always someone available to help.
| hubble.ui.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| hubble.ui.topologySpreadConstraints | list | `[]` | Pod topology spread constraints for hubble-ui |
| hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
-| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
+| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). |
| identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
-| image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Agent container image. |
| imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
| ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
| ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
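Review bot: The `image` row moves the agent from v1.16.6 to v1.17.1 and replaces the digest while `useDigest` stays `true`, so the digest is what pins the pulled image; please confirm the new sha256 against the upstream v1.17.1 release before merge. In the same hunk, the `identityAllocationMode` description writes the two migration values as "`doublewrite-readkvstore` / `doublewrite-readcrd`", which reads like a single option. Listing all four values separately, and saying which backend each doublewrite mode reads from, would be clearer.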
@@ -623,7 +654,9 @@ contributors across the globe, there is almost always someone available to help.
| installNoConntrackIptablesRules | bool | `false` | Install Iptables rules to skip netfilter connection tracking on all pod traffic. This option is only effective when Cilium is running in direct routing and full KPR mode. Moreover, this option cannot be enabled when Cilium is running in a managed Kubernetes environment or in a chained CNI setup. |
| ipMasqAgent | object | `{"enabled":false}` | Configure the eBPF-based ip-masq-agent |
| ipam.ciliumNodeUpdateRate | string | `"15s"` | Maximum rate at which the CiliumNode custom resource is updated. |
+| ipam.installUplinkRoutesForDelegatedIPAM | bool | `false` | Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin. |
| ipam.mode | string | `"cluster-pool"` | Configure IP Address Management mode. ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ |
+| ipam.multiPoolPreAllocation | string | `""` | Pre-allocation settings for IPAM in Multi-Pool mode |
| ipam.operator.autoCreateCiliumPodIPPools | object | `{}` | IP pools to auto-create in multi-pool IPAM mode. |
| ipam.operator.clusterPoolIPv4MaskSize | int | `24` | IPv4 CIDR mask size to delegate to individual nodes for IPAM. |
| ipam.operator.clusterPoolIPv4PodCIDRList | list | `["10.0.0.0/8"]` | IPv4 CIDR list range to delegate to individual nodes for IPAM. |
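Review bot: `ipam.multiPoolPreAllocation` is documented as a string with default `""` and the description "Pre-allocation settings for IPAM in Multi-Pool mode", which gives no hint of the expected value syntax. Please add the format or a short example to the description. `ipam.installUplinkRoutesForDelegatedIPAM` would also benefit from stating which `ipam.mode` it applies to.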
@@ -631,6 +664,7 @@ contributors across the globe, there is almost always someone available to help.
| ipam.operator.clusterPoolIPv6PodCIDRList | list | `["fd00::/104"]` | IPv6 CIDR list range to delegate to individual nodes for IPAM. |
| ipam.operator.externalAPILimitBurstSize | int | `20` | The maximum burst size when rate limiting access to external APIs. Also known as the token bucket capacity. |
| ipam.operator.externalAPILimitQPS | float | `4.0` | The maximum queries per second when rate limiting access to external APIs. Also known as the bucket refill rate, which is used to refill the bucket up to the burst size capacity. |
+| iptablesRandomFully | bool | `false` | Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information. |
| ipv4.enabled | bool | `true` | Enable IPv4 support. |
| ipv4NativeRoutingCIDR | string | `""` | Allows to explicitly specify the IPv4 CIDR for native routing. When specified, Cilium assumes networking for this CIDR is preconfigured and hands traffic destined for that range to the Linux network stack without applying any SNAT. Generally speaking, specifying a native routing CIDR implies that Cilium can depend on the underlying networking stack to route packets to their destination. To offer a concrete example, if Cilium is configured to use direct routing and the Kubernetes CIDR is included in the native routing CIDR, the user must configure the routes to reach pods, either manually or by setting the auto-direct-node-routes flag. |
| ipv6.enabled | bool | `false` | Enable IPv6 support. |
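Review bot: The `iptablesRandomFully` description reads "Configure iptables--random-fully", with the space between the command and the flag missing. It should read "iptables `--random-fully`" so the flag is recognisable. Since the option is off by default and the only explanation is a link to issue 13037, a half-sentence on what enabling it changes would save readers the click.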
@@ -638,11 +672,16 @@ contributors across the globe, there is almost always someone available to help.
| k8s | object | `{"requireIPv4PodCIDR":false,"requireIPv6PodCIDR":false}` | Configure Kubernetes specific configuration |
| k8s.requireIPv4PodCIDR | bool | `false` | requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR range via the Kubernetes node resource |
| k8s.requireIPv6PodCIDR | bool | `false` | requireIPv6PodCIDR enables waiting for Kubernetes to provide the PodCIDR range via the Kubernetes node resource |
-| k8sClientRateLimit | object | `{"burst":null,"qps":null}` | Configure the client side rate limit for the agent and operator If the amount of requests to the Kubernetes API server exceeds the configured rate limit, the agent and operator will start to throttle requests by delaying them until there is budget or the request times out. |
-| k8sClientRateLimit.burst | int | 10 for k8s up to 1.26. 20 for k8s version 1.27+ | The burst request rate in requests per second. The rate limiter will allow short bursts with a higher rate. |
-| k8sClientRateLimit.qps | int | 5 for k8s up to 1.26. 10 for k8s version 1.27+ | The sustained request rate in requests per second. |
+| k8sClientRateLimit | object | `{"burst":null,"operator":{"burst":null,"qps":null},"qps":null}` | Configure the client side rate limit for the agent If the amount of requests to the Kubernetes API server exceeds the configured rate limit, the agent will start to throttle requests by delaying them until there is budget or the request times out. |
+| k8sClientRateLimit.burst | int | 20 | The burst request rate in requests per second. The rate limiter will allow short bursts with a higher rate. |
+| k8sClientRateLimit.operator | object | `{"burst":null,"qps":null}` | Configure the client side rate limit for the Cilium Operator |
+| k8sClientRateLimit.operator.burst | int | 200 | The burst request rate in requests per second. The rate limiter will allow short bursts with a higher rate. |
+| k8sClientRateLimit.operator.qps | int | 100 | The sustained request rate in requests per second. |
+| k8sClientRateLimit.qps | int | 10 | The sustained request rate in requests per second. |
| k8sNetworkPolicy.enabled | bool | `true` | Enable support for K8s NetworkPolicy |
-| k8sServiceHost | string | `""` | Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only) |
+| k8sServiceHost | string | `""` | Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap |
+| k8sServiceLookupConfigMapName | string | `""` | When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`. |
+| k8sServiceLookupNamespace | string | `""` | When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`. |
| k8sServicePort | string | `""` | Kubernetes service port |
| keepDeprecatedLabels | bool | `false` | Keep the deprecated selector labels when deploying Cilium DaemonSet. |
| keepDeprecatedProbes | bool | `false` | Keep the deprecated probes when deploying Cilium DaemonSet |
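Review bot: The `k8sClientRateLimit` rows split the operator off from the agent and give it defaults of 100 qps / 200 burst, where the removed rows had agent and operator sharing 5 to 10 qps and 10 to 20 burst. That is a tenfold or larger increase in what the operator may send to the API server after this upgrade, so it should be called out in the upgrade notes and checked against the API server's capacity. Separately, `k8sServiceLookupConfigMapName` and `k8sServiceLookupNamespace` show a default of `""` while their descriptions say they default to `cluster-info` and `kube-public`; the default column or the wording should make clear that the empty string selects those values.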
@@ -658,8 +697,9 @@ contributors across the globe, there is almost always someone available to help.
| l7Proxy | bool | `true` | Enable Layer 7 network policy. |
| livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
| livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
-| loadBalancer | object | `{"acceleration":"disabled","l7":{"algorithm":"round_robin","backend":"disabled","ports":[]}}` | Configure service load balancing |
+| loadBalancer | object | `{"acceleration":"disabled","experimental":false,"l7":{"algorithm":"round_robin","backend":"disabled","ports":[]}}` | Configure service load balancing |
| loadBalancer.acceleration | string | `"disabled"` | acceleration is the option to accelerate service handling via XDP Applicable values can be: disabled (do not use XDP), native (XDP BPF program is run directly out of the networking driver's early receive path), or best-effort (use native mode XDP acceleration on devices that support it). |
+| loadBalancer.experimental | bool | `false` | experimental enables support for the experimental load-balancing control-plane. |
| loadBalancer.l7 | object | `{"algorithm":"round_robin","backend":"disabled","ports":[]}` | L7 LoadBalancer |
| loadBalancer.l7.algorithm | string | `"round_robin"` | Default LB algorithm The default LB algorithm to be used for services, which can be overridden by the service annotation (e.g. service.cilium.io/lb-l7-algorithm) Applicable values: round_robin, least_request, random |
| loadBalancer.l7.backend | string | `"disabled"` | Enable L7 service load balancing via envoy proxy. The request to a k8s service, which has specific annotation e.g. service.cilium.io/lb-l7, will be forwarded to the local backend proxy to be load balanced to the service endpoints. Please refer to docs for supported annotations for more configuration. Applicable values: - envoy: Enable L7 load balancing via envoy proxy. This will automatically set enable-envoy-config as well. - disabled: Disable L7 load balancing by way of service annotation. |
@@ -670,6 +710,7 @@ contributors across the globe, there is almost always someone available to help.
| monitor | object | `{"enabled":false}` | cilium-monitor sidecar. |
| monitor.enabled | bool | `false` | Enable the cilium-monitor sidecar. |
| name | string | `"cilium"` | Agent container name. |
+| namespaceOverride | string | `""` | namespaceOverride allows to override the destination namespace for Cilium resources. This property allows to use Cilium as part of an Umbrella Chart with different targets. |
| nat.mapStatsEntries | int | `32` | Number of the top-k SNAT map connections to track in Cilium statedb. |
| nat.mapStatsInterval | string | `"30s"` | Interval between how often SNAT map is counted for stats. |
| nat46x64Gateway | object | `{"enabled":false}` | Configure standalone NAT46/NAT64 gateway |
@@ -718,7 +759,7 @@ contributors across the globe, there is almost always someone available to help.
| operator.hostNetwork | bool | `true` | HostNetwork setting |
| operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
| operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9","awsDigest":"sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d","azureDigest":"sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd","genericDigest":"sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.6","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c","awsDigest":"sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6","azureDigest":"sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b","genericDigest":"sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.1","useDigest":true}` | cilium-operator image. |
| operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
| operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -731,7 +772,7 @@ contributors across the globe, there is almost always someone available to help.
| operator.pprof.enabled | bool | `false` | Enable pprof for cilium-operator |
| operator.pprof.port | int | `6061` | Configure pprof listen port for cilium-operator |
| operator.priorityClassName | string | `""` | The priority class to use for cilium-operator |
-| operator.prometheus | object | `{"enabled":true,"port":9963,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":null}}` | Enable prometheus metrics for cilium-operator on the configured port at /metrics |
+| operator.prometheus | object | `{"enabled":true,"metricsService":false,"port":9963,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":null}}` | Enable prometheus metrics for cilium-operator on the configured port at /metrics |
| operator.prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-operator |
| operator.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) |
| operator.prometheus.serviceMonitor.interval | string | `"10s"` | Interval for scrape metrics. |
@@ -768,7 +809,7 @@ contributors across the globe, there is almost always someone available to help.
| preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
| preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
| preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Cilium pre-flight image. |
| preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
| preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
@@ -787,7 +828,7 @@ contributors across the globe, there is almost always someone available to help.
| preflight.updateStrategy | object | `{"type":"RollingUpdate"}` | preflight update strategy |
| preflight.validateCNPs | bool | `true` | By default we should always validate the installed CNPs before upgrading Cilium. This will make sure the user will have the policies deployed in the cluster with the right schema. |
| priorityClassName | string | `""` | The priority class to use for cilium-agent. |
-| prometheus | object | `{"controllerGroupMetrics":["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"],"enabled":false,"metrics":null,"port":9962,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"trustCRDsExist":false}}` | Configure prometheus metrics on the configured port at /metrics |
+| prometheus | object | `{"controllerGroupMetrics":["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"],"enabled":false,"metrics":null,"metricsService":false,"port":9962,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"trustCRDsExist":false}}` | Configure prometheus metrics on the configured port at /metrics |
| prometheus.controllerGroupMetrics | list | `["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"]` | - Enable controller group metrics for monitoring specific Cilium subsystems. The list is a list of controller group names. The special values of "all" and "none" are supported. The set of controller group names is not guaranteed to be stable between Cilium versions. |
| prometheus.metrics | string | `nil` | Metrics that should be enabled or disabled from the default metric list. The list is expected to be separated by a space. (+metric_foo to enable metric_foo , -metric_bar to disable metric_bar). ref: https://docs.cilium.io/en/stable/observability/metrics/ |
| prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-agent |
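Review bot: The `prometheus` object default gains `"metricsService":false`, but there is no `prometheus.metricsService` row between `prometheus.metrics` and `prometheus.serviceMonitor.annotations`, so the new key is undocumented. Please add a row that says what the setting creates and on which port. The same key appears in the `operator.prometheus` default earlier in this file, also without a description.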
@@ -805,6 +846,8 @@ contributors across the globe, there is almost always someone available to help.
| resources | object | `{}` | Agent resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| rollOutCiliumPods | bool | `false` | Roll out cilium agent pods automatically when configmap is updated. |
| routingMode | string | `"tunnel"` | Enable native-routing mode or tunneling mode. Possible values: - "" - native - tunnel |
+| scheduling | object | `{"mode":"anti-affinity"}` | Scheduling configurations for cilium pods |
+| scheduling.mode | string | Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity` | Mode specifies how Cilium daemonset pods should be scheduled to Nodes. `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset. Pod anti-affinity may significantly impact scheduling throughput for large clusters. See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput. Kube-scheduler avoids host port conflict when scheduling pods. |
| sctp | object | `{"enabled":false}` | SCTP Configuration Values |
| sctp.enabled | bool | `false` | Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming. |
| securityContext.capabilities.applySysctlOverwrites | list | `["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"]` | capabilities for the `apply-sysctl-overwrites` init container |
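Review bot: The default column for `scheduling.mode` contains prose ("Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity`") where every other row has a bare value. It should be just `"anti-affinity"`, with the explanation moved into the description. The description also runs the two modes together without separators; putting `anti-affinity` and `kube-scheduler` in separate sentences or list items would make the trade-off readable.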
@@ -828,7 +871,7 @@ contributors across the globe, there is almost always someone available to help.
| sysctlfix | object | `{"enabled":true}` | Configure sysctl override described in #20072. |
| sysctlfix.enabled | bool | `true` | Enable the sysctl override. When enabled, the init container will mount the /proc of the host so that the `sysctlfix` utility can execute. |
| terminationGracePeriodSeconds | int | `1` | Configure termination grace period for cilium-agent DaemonSet. |
-| tls | object | `{"ca":{"cert":"","certValidityDuration":1095,"key":""},"caBundle":{"enabled":false,"key":"ca.crt","name":"cilium-root-ca.crt","useSecret":false},"secretsBackend":"local"}` | Configure TLS configuration in the agent. |
+| tls | object | `{"ca":{"cert":"","certValidityDuration":1095,"key":""},"caBundle":{"enabled":false,"key":"ca.crt","name":"cilium-root-ca.crt","useSecret":false},"readSecretsOnlyFromSecretsNamespace":null,"secretSync":{"enabled":null},"secretsBackend":null,"secretsNamespace":{"create":true,"name":"cilium-secrets"}}` | Configure TLS configuration in the agent. |
| tls.ca | object | `{"cert":"","certValidityDuration":1095,"key":""}` | Base64 encoded PEM values for the CA certificate and private key. This can be used as common CA to generate certificates used by hubble and clustermesh components. It is neither required nor used when cert-manager is used to generate the certificates. |
| tls.ca.cert | string | `""` | Optional CA cert. If it is provided, it will be used by cilium to generate all other certificates. Otherwise, an ephemeral CA is generated. |
| tls.ca.certValidityDuration | int | `1095` | Generated certificates validity duration in days. This will be used for auto generated CA. |
@@ -838,7 +881,13 @@ contributors across the globe, there is almost always someone available to help.
| tls.caBundle.key | string | `"ca.crt"` | Entry of the ConfigMap containing the CA trust bundle. |
| tls.caBundle.name | string | `"cilium-root-ca.crt"` | Name of the ConfigMap containing the CA trust bundle. |
| tls.caBundle.useSecret | bool | `false` | Use a Secret instead of a ConfigMap. |
-| tls.secretsBackend | string | `"local"` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). Possible values: - local - k8s |
+| tls.readSecretsOnlyFromSecretsNamespace | string | `nil` | Configure if the Cilium Agent will only look in `tls.secretsNamespace` for CiliumNetworkPolicy relevant Secrets. If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access to _all_ secrets in the entire cluster. This is not recommended and is included for backwards compatibility. This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old setting, and `false` == `k8s`. |
+| tls.secretSync | object | `{"enabled":null}` | Configures settings for synchronization of TLS Interception Secrets |
+| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. |
+| tls.secretsBackend | string | `nil` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). This value is DEPRECATED and will be removed in a future version. Use `tls.readSecretsOnlyFromSecretsNamespace` instead. Possible values: - local - k8s |
+| tls.secretsNamespace | object | `{"create":true,"name":"cilium-secrets"}` | Configures where secrets used in CiliumNetworkPolicies will be looked for |
+| tls.secretsNamespace.create | bool | `true` | Create secrets namespace for TLS Interception secrets. |
+| tls.secretsNamespace.name | string | `"cilium-secrets"` | Name of TLS Interception secret namespace. |
| tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for agent scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| tunnelPort | int | Port 8472 for VXLAN, Port 6081 for Geneve | Configure VXLAN and Geneve tunnel port. |
| tunnelProtocol | string | `"vxlan"` | Tunneling protocol to use in tunneling mode and for ad-hoc tunnels. Possible values: - "" - vxlan - geneve |
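Review bot: `tls.readSecretsOnlyFromSecretsNamespace` is typed as string with default `nil`, yet its description treats it as a boolean and states that `false` grants the agent GET/LIST/WATCH on all Secrets in the cluster. With `tls.secretsBackend` also changing from `"local"` to `nil` in the parent object, the table no longer tells the reader which behaviour they get when neither value is set. Please state the effective default explicitly and fix the type to bool (the same applies to `tls.secretSync.enabled`). Given the cluster-wide Secret read access involved, the upgrade notes should also tell operators who previously set `secretsBackend: k8s` what to change.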
diff --git a/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json b/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json
index a2ba01d8..e6cf5c26 100644
--- a/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json
+++ b/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json
@@ -3,7 +3,10 @@
"list": [
{
"builtIn": 1,
- "datasource": "-- Grafana --",
+ "datasource": {
+ "type": "datasource",
+ "uid": "grafana"
+ },
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
@@ -14,183 +17,272 @@
},
"description": "Dashboard for Cilium (https://cilium.io/) metrics",
"editable": true,
- "gnetId": null,
+ "fiscalYearStartMonth": 0,
"graphTooltip": 1,
- "iteration": 1606309591568,
+ "id": 1,
"links": [],
"panels": [
{
- "aliasColors": {
- "error": "#890f02",
- "warning": "#c15c17"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "warning"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#c15c17",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 0
},
- "hiddenSeries": false,
"id": 76,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "error",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
"expr": "sum(rate(cilium_errors_warnings_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, level) * 60",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{level}}",
+ "range": true,
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Errors & Warnings",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "avg": "#cffaff"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percent"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#cffaff",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 0
},
- "hiddenSeries": false,
"id": 96,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "min",
- "lines": false
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100",
"format": "time_series",
"intervalFactor": 1,
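Review bot: In the "Errors & Warnings" panel the removed `seriesOverrides` entry placed the `error` series on the second y-axis (`"yaxis": 2`), but the new `byName` override for `error` only sets the colour, so errors and warnings now share one axis. If the split was intentional, add a `custom.axisPlacement` property to that override. Near the top of the hunk, `"id": 1` is now hard-coded where `gnetId`/`iteration` used to be; a fixed numeric id in a shipped dashboard can clash with an existing dashboard on import, so `null` is the safer value. The pinned `"pluginVersion": "10.4.3"` on both panels also suggests this was exported from a live instance, so it is worth checking that the export was cleaned before committing.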
@@ -198,6 +290,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100",
"format": "time_series",
"intervalFactor": 1,
@@ -205,6 +301,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100",
"format": "time_series",
"intervalFactor": 1,
@@ -212,46 +312,8 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "CPU Usage per node",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
"collapsed": false,
@@ -268,72 +330,181 @@
"type": "row"
},
{
- "aliasColors": {
- "AVG_virtual_memory_bytes": "#508642",
- "Average Virtual Memory": "#f9d9f9",
- "MAX_virtual_memory_bytes": "#e5ac0e",
- "Max Virtual Memory": "#584477"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bytes"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "AVG_virtual_memory_bytes"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#508642",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Average Virtual Memory"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "MAX_virtual_memory_bytes"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e5ac0e",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max Virtual Memory"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#584477",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max Virtual Memory"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "Min Virtual Memory"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Min Virtual Memory"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 8,
"x": 0,
"y": 6
},
- "hiddenSeries": false,
"id": 26,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "Max Virtual Memory",
- "fillBelowTo": "Min Virtual Memory",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "Min Virtual Memory",
- "lines": false
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
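Review bot: in the new "overrides" array for panel id 26, "Max Virtual Memory" is matched by two separate byName entries, one setting "color" and the next setting "custom.fillBelowTo" and "custom.lineWidth". Merge them into a single override with three properties so the series has one place to edit. The min/max band also depends on series named exactly "Max Virtual Memory" and "Min Virtual Memory", and the targets' legendFormat is not visible in this hunk, so confirm those names still match after the conversion. The "AVG_virtual_memory_bytes" and "MAX_virtual_memory_bytes" color overrides are carried over from the old aliasColors. If no target emits those names, drop them rather than migrating them.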
@@ -341,6 +512,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -348,6 +523,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -355,103 +534,112 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Virtual Memory Bytes",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "MAX_resident_memory_bytes_max": "#e5ac0e"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bytes"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "MAX_resident_memory_bytes_max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e5ac0e",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 8,
"x": 8,
"y": 6
},
- "hiddenSeries": false,
"id": 24,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"interval": "",
@@ -460,6 +648,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"interval": "",
@@ -468,6 +660,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -475,106 +671,112 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Resident memory status",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "all nodes": "#e5a8e2"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "all nodes"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e5a8e2",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 8,
"x": 16,
"y": 6
},
- "hiddenSeries": false,
"id": 98,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "all nodes",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
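Review bot: the "all nodes" override on panel id 98 ("Open file descriptors") keeps only the fixed color, but the removed seriesOverrides entry for the same alias also had "yaxis": 2. That setting placed the series on the right-hand axis, presumably the sum(cilium_process_open_fds) target, so that the cluster-wide total did not share a scale with the min/avg/max queries. With the converted panel everything is drawn on one axis and the smaller series will be flattened against the total. Add a second property to that override, {"id": "custom.axisPlacement", "value": "right"}, to preserve the old layout.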
@@ -582,6 +784,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -589,6 +795,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -596,6 +806,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"intervalFactor": 1,
@@ -603,54 +817,10 @@
"refId": "D"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Open file descriptors",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "MAX_resident_memory_bytes_max": "#e5ac0e"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
@@ -658,49 +828,102 @@
"description": "BPF memory usage in the entire system including components not managed by Cilium.",
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bytes"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "MAX_resident_memory_bytes_max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e5ac0e",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 11
},
- "hiddenSeries": false,
"id": 178,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"hide": false,
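Review bot: the only override on panel id 178 matches the series name "MAX_resident_memory_bytes_max", yet the panel is described as "BPF memory usage in the entire system" and its first target queries cilium_bpf_maps_virtual_memory_max_bytes plus cilium_bpf_progs_virtual_memory_max_bytes. The name looks copied from the resident memory panel's old aliasColors and is unlikely to match any series here. Check it against the targets' legendFormat and either rename it or drop the override, instead of migrating a dead rule into the new schema.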
@@ -710,6 +933,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"hide": false,
@@ -719,6 +946,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})",
"format": "time_series",
"hide": false,
@@ -729,54 +960,10 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "System-wide BPF memory usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "$$hashKey": "object:136",
- "format": "bytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "$$hashKey": "object:137",
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
@@ -784,93 +971,95 @@
"description": "Fill percentage of BPF maps, tagged by map name",
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "max": 1,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percentunit"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 11
},
- "hiddenSeries": false,
"id": 194,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "cilium_bpf_map_pressure{k8s_app=\"cilium\", pod=~\"$pod\"}",
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "BPF map pressure",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "$$hashKey": "object:230",
- "format": "percentunit",
- "label": null,
- "logBase": 1,
- "max": "1.0",
- "min": null,
- "show": true
- },
- {
- "$$hashKey": "object:231",
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
"collapsed": false,
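Review bot: on the "BPF map pressure" panel (id 194) the defaults combine "unit": "percentunit" and "max": 1 with an absolute threshold step of "red" at "value": 80. The series is a 0 to 1 ratio, so 80 can never be reached. It is harmless while "thresholdsStyle" is "off", but anyone who later turns thresholds on will get a line that never fires. Either set the step to 0.8 or remove the red step on this panel. The same default 80 step appears on the bytes, seconds and ops panels in this file, where it is equally arbitrary.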
@@ -887,61 +1076,135 @@
"type": "row"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 18
},
- "hiddenSeries": false,
"id": 152,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_agent_api_process_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
@@ -949,103 +1212,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "API call latency (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 18
},
- "hiddenSeries": false,
"id": 153,
- "legend": {
- "alignAsTable": true,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_agent_api_process_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
@@ -1053,103 +1352,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "API call latency (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 24
},
- "hiddenSeries": false,
"id": 156,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
@@ -1157,103 +1492,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# API calls (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 24
},
- "hiddenSeries": false,
"id": 157,
- "legend": {
- "alignAsTable": true,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
@@ -1261,103 +1632,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# API calls (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 30
},
- "hiddenSeries": false,
"id": 159,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path, return_code)",
"format": "time_series",
"intervalFactor": 1,
@@ -1365,103 +1772,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "API return codes (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 30
},
- "hiddenSeries": false,
"id": 158,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path, return_code)",
"format": "time_series",
"intervalFactor": 1,
@@ -1469,46 +1912,8 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "API return codes (sum all nodes)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
"collapsed": false,
@@ -1525,14 +1930,7 @@
"type": "row"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -1540,172 +1938,300 @@
"y": 37
},
"id": 144,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "BPF",
"type": "text"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 38
},
- "hiddenSeries": false,
"id": 146,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
+ "editorMode": "code",
"expr": "avg(rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{operation}}",
+ "range": true,
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# system calls (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": 2,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "decimals": 0,
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 38
},
- "hiddenSeries": false,
"id": 145,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)",
"format": "time_series",
"intervalFactor": 1,
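Review bot: In the "# system calls (max node)" panel (id 145) the removed panel-level `"decimals": 2` is replaced by `"decimals": 0` under `fieldConfig.defaults`, which also formats the `mean` and `max` columns of the legend table, so per-operation rates will now show as whole numbers there. If two-decimal legend values are still wanted, set `"decimals": 2` in the defaults or drop the key. Separately, the "BPF" text panel gains a `targets` entry with `"datasource": null` that a text panel has no use for, and `"editorMode": "code"` / `"range": true` are added to only one target (panel id 146); both look like editor residue and could be dropped to keep the converted panels uniform.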
@@ -1713,104 +2239,140 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# system calls (max node)",
- "tooltip": {
- "shared": true,
- "sort": 2,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": 0,
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 46
},
- "hiddenSeries": false,
"id": 140,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_bpf_syscall_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/ rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)",
"format": "time_series",
"intervalFactor": 1,
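Review bot: The "system call latency (avg node)" panel (id 140) carries what looks like the default `thresholds.steps` block (green at `null`, red at `80`) together with `"unit": "s"`, which puts the red step at 80 seconds, while `thresholdsStyle.mode` is `off` and `color.mode` is `palette-classic`, so the steps have no visual effect. Either reduce the block to the single base step or choose a latency value that is meaningful for BPF system calls and enable `thresholdsStyle`; the same block is repeated in the other converted panels in this file.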
@@ -1818,101 +2380,99 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "system call latency (avg node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 46
},
- "hiddenSeries": false,
"id": 148,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_bpf_syscall_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/ rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)",
"format": "time_series",
"intervalFactor": 1,
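Review bot: Panel 148 ("system call latency (max node)") keeps `"overrides": []`, so its legend table will list all-zero and all-null series that the paired avg-node latency panel (id 140) now hides through its `allIsZero` and `allIsNull` overrides. This matches the old legend, which had no `hideEmpty`/`hideZero` here, but since both panels are being rewritten anyway, consider adding the same two `byValue` overrides so the pair reads alike.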
@@ -1920,103 +2480,117 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "system call latency (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 52
},
- "hiddenSeries": false,
"id": 142,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "hideEmpty": false,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "topk(5, avg(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation))",
"format": "time_series",
"intervalFactor": 1,
@@ -2024,103 +2598,117 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "map ops (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 8,
"x": 8,
"y": 52
},
- "hiddenSeries": false,
"id": 147,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "hideEmpty": false,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "topk(5, max(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation))",
"format": "time_series",
"intervalFactor": 1,
@@ -2128,103 +2716,137 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "map ops (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 8,
"x": 16,
"y": 52
},
- "hiddenSeries": false,
"id": 143,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\",outcome=\"fail\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation)",
"format": "time_series",
"intervalFactor": 1,
@@ -2232,56 +2854,11 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "map ops (sum failures)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -2289,68 +2866,157 @@
"y": 58
},
"id": 182,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "kvstore",
"type": "text"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": 2,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "decimals": 0,
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 59
},
- "hiddenSeries": false,
"id": 184,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(kvstore_operations_total{pod=~\"$pod\"}[1m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
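Review bot: the text panel id 182 ("kvstore") gains a `targets` array whose only entry is `"datasource": null` with `"refId": "A"`. A text panel runs no query, so this entry carries no information and reads as an export artifact. Consider dropping the `targets` block here (the same shape is added to the text panel id 47 further down) so the dashboard JSON stays minimal and the diff is easier to audit.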
@@ -2358,105 +3024,141 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# operations (sum all nodes)",
- "tooltip": {
- "shared": true,
- "sort": 2,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": 0,
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": 2,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "decimals": 0,
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 59
},
- "hiddenSeries": false,
"id": 186,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "desc"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(kvstore_operations_total{pod=~\"$pod\"}[1m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
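Review bot: the query kept for panel id 186 selects `kvstore_operations_total{pod=~"$pod"}`, without the `cilium_` prefix and without the `k8s_app="cilium"` selector that other panels in this file use (for example `cilium_kvstore_operations_duration_seconds_sum` and `cilium_forward_count_total{k8s_app="cilium", ...}`). The same applies to the "sum all nodes" panel id 184 above. Since both panels are being migrated anyway, please confirm the metric name against what the agent actually exports, because a wrong name only shows up as an empty panel.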
@@ -2464,104 +3166,140 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "# operations (max node)",
- "tooltip": {
- "shared": true,
- "sort": 2,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": 0,
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 64
},
- "hiddenSeries": false,
"id": 188,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "topk(5, avg(rate(cilium_kvstore_operations_duration_seconds_sum{pod=~\"$pod\"}[1m])) by (pod, action, scope) / avg(rate(cilium_kvstore_operations_duration_seconds_count{pod=~\"$pod\"}[1m])) by (pod, action, scope))",
"format": "time_series",
"intervalFactor": 1,
@@ -2569,103 +3307,140 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "latency (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 64
},
- "hiddenSeries": false,
"id": 190,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "topk(5, max(rate(cilium_kvstore_operations_duration_seconds_sum{pod=~\"$pod\"}[1m])) by (pod, action, scope) / avg(rate(cilium_kvstore_operations_duration_seconds_count{pod=~\"$pod\"}[1m])) by (pod, action, scope))",
"format": "time_series",
"intervalFactor": 1,
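Review bot: the expression kept for panel id 190 divides `max(rate(..._duration_seconds_sum...))` by `avg(rate(..._duration_seconds_count...))`, so the two sides of the ratio use different aggregations. The result is a real latency only when each `(pod, action, scope)` group holds a single series; otherwise numerator and denominator can come from different series. While this panel is being converted, consider using the same aggregation on both sides, or computing the per-series ratio first and taking `max` of that.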
@@ -2673,101 +3448,137 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "latency (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 69
},
- "hiddenSeries": false,
"id": 192,
- "legend": {
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kvstore_events_queue_seconds_count{pod=~\"$pod\"}[1m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
@@ -2775,56 +3586,11 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Events received (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -2832,63 +3598,112 @@
"y": 75
},
"id": 47,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "Cilium network information",
"type": "text"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "pps"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 76
},
- "hiddenSeries": false,
"id": 81,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_forward_count_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, direction)",
"format": "time_series",
"intervalFactor": 1,
@@ -2896,104 +3711,96 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Forwarded Packets",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "pps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bps"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 76
},
- "hiddenSeries": false,
"id": 111,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "EGRESS",
- "yaxis": 1
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_forward_bytes_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, direction) * 8",
"format": "time_series",
"intervalFactor": 1,
@@ -3001,139 +3808,380 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Forwarded Traffic",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Alive ipv4": "#0a50a1",
- "Alive ipv4 non-TCP": "#f9d9f9",
- "Alive ipv6": "#614d93",
- "Alive ipv6 TCP": "#806eb7",
- "Alive ipv6 non-TCP": "#614d93",
- "Alive CT entries ipv6": "#badff4",
- "Deleted CT entries ipv4": "#bf1b00",
- "Deleted ipv4": "#890f02",
- "Deleted ipv4 non-TCP": "#890f02",
- "Deleted ipv6": "#bf1b00",
- "L7 denied request": "#890f02",
- "L7 forwarded request": "#7eb26d",
- "avg": "#e0f9d7",
- "deleted": "#6ed0e0",
- "deleted max": "#447ebc",
- "max": "#629e51",
- "min": "#629e51"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#0a50a1",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive CT entries ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#badff4",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted CT entries ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 denied request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 forwarded request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6ed0e0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#447ebc",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 82
},
- "hiddenSeries": false,
"id": 56,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "deleted",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
- },
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "deleted max",
- "yaxis": 2
- },
- {
- "alias": "deleted min",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"interval": "",
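Review bot: the removed `seriesOverrides` placed the `deleted`, `deleted max` and `deleted min` series on `"yaxis": 2`, but the new `overrides` list only carries colours, `custom.fillBelowTo` and `custom.lineWidth`, and nothing sets a right-hand axis. After this change the deleted-entry series share the left axis with the alive counts, which can flatten whichever set is smaller. If the second axis was intentional, add a `custom.axisPlacement` override for those three names. Separately, `max` and `min` each have two `byName` entries (colour, then line style) that could be merged into one per series.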
@@ -3142,6 +4190,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3149,6 +4201,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3156,6 +4212,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3163,6 +4223,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3170,139 +4234,380 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "IPv4 Conntrack TCP",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Alive ipv4": "#0a50a1",
- "Alive ipv4 non-TCP": "#f9d9f9",
- "Alive ipv6": "#614d93",
- "Alive ipv6 TCP": "#806eb7",
- "Alive ipv6 non-TCP": "#614d93",
- "Alive CT entries ipv6": "#badff4",
- "Deleted CT entries ipv4": "#bf1b00",
- "Deleted ipv4": "#890f02",
- "Deleted ipv4 non-TCP": "#890f02",
- "Deleted ipv6": "#bf1b00",
- "L7 denied request": "#890f02",
- "L7 forwarded request": "#7eb26d",
- "avg": "#e0f9d7",
- "deleted": "#6ed0e0",
- "deleted max": "#447ebc",
- "max": "#629e51",
- "min": "#629e51"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#0a50a1",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive CT entries ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#badff4",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted CT entries ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 denied request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 forwarded request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6ed0e0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#447ebc",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 82
},
- "hiddenSeries": false,
"id": 128,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "deleted",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
- },
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "deleted max",
- "yaxis": 2
- },
- {
- "alias": "deleted min",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"interval": "",
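Review bot: the removed seriesOverrides for panel 128 put "deleted", "deleted max" and "deleted min" on `"yaxis": 2`, but no entry in the new `overrides` array sets an axis, so the deleted-entry series now share one scale with the alive min/avg/max band. If the split was intentional, add a `custom.axisPlacement` property with value `"right"` to the byName overrides for "deleted" and "deleted max"; if it is being dropped on purpose, say so in the commit message. The same `"yaxis": 2` entries are removed without a replacement in panels 129 and 130 further down.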
@@ -3311,6 +4616,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3318,6 +4627,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3325,6 +4638,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3332,6 +4649,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3339,139 +4660,380 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "IPv6 Conntrack TCP",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Alive ipv4": "#0a50a1",
- "Alive ipv4 non-TCP": "#f9d9f9",
- "Alive ipv6": "#614d93",
- "Alive ipv6 TCP": "#806eb7",
- "Alive ipv6 non-TCP": "#614d93",
- "Alive CT entries ipv6": "#badff4",
- "Deleted CT entries ipv4": "#bf1b00",
- "Deleted ipv4": "#890f02",
- "Deleted ipv4 non-TCP": "#890f02",
- "Deleted ipv6": "#bf1b00",
- "L7 denied request": "#890f02",
- "L7 forwarded request": "#7eb26d",
- "avg": "#e0f9d7",
- "deleted": "#6ed0e0",
- "deleted max": "#447ebc",
- "max": "#629e51",
- "min": "#629e51"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#0a50a1",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive CT entries ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#badff4",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted CT entries ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 denied request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 forwarded request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6ed0e0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#447ebc",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 88
},
- "hiddenSeries": false,
"id": 129,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "deleted",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
- },
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "deleted max",
- "yaxis": 2
- },
- {
- "alias": "deleted min",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"interval": "",
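Review bot: the `overrides` array for panel 129 is a verbatim conversion of the old 17-entry aliasColors map, followed by second byName matchers for "max" and "min" that carry `custom.fillBelowTo` and `custom.lineWidth`. Merge the line-style properties into the existing "max" and "min" color entries so each series name is matched once, and drop entries that cannot apply to an IPv4 non-TCP conntrack panel, such as "L7 denied request", "L7 forwarded request" and the ipv6 names. That removes most of the added lines here and makes the next dashboard diff reviewable.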
@@ -3480,6 +5042,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3487,6 +5053,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3494,6 +5064,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3501,6 +5075,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3508,139 +5086,380 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "IPv4 Conntrack Non-TCP",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Alive ipv4": "#0a50a1",
- "Alive ipv4 non-TCP": "#f9d9f9",
- "Alive ipv6": "#614d93",
- "Alive ipv6 TCP": "#806eb7",
- "Alive ipv6 non-TCP": "#614d93",
- "Alive CT entries ipv6": "#badff4",
- "Deleted CT entries ipv4": "#bf1b00",
- "Deleted ipv4": "#890f02",
- "Deleted ipv4 non-TCP": "#890f02",
- "Deleted ipv6": "#bf1b00",
- "L7 denied request": "#890f02",
- "L7 forwarded request": "#7eb26d",
- "avg": "#e0f9d7",
- "deleted": "#6ed0e0",
- "deleted max": "#447ebc",
- "max": "#629e51",
- "min": "#629e51"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#0a50a1",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive ipv6 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Alive CT entries ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#badff4",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted CT entries ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv4 non-TCP"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Deleted ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 denied request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 forwarded request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6ed0e0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "deleted max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#447ebc",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#629e51",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 88
},
- "hiddenSeries": false,
"id": 130,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "deleted",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
- },
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "deleted max",
- "yaxis": 2
- },
- {
- "alias": "deleted min",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"interval": "",
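Review bot: `fieldConfig.defaults.thresholds` for panel 130 adds a red step at `"value": 80`, where the old panel had `"thresholds": []`. The panel plots conntrack entry counts in `"unit": "short"`, so 80 is not a meaningful limit, and it is hidden only because `thresholdsStyle.mode` is "off". Keep just the base step (`"value": null`) so that turning threshold display on later does not draw an arbitrary line at 80.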
@@ -3649,6 +5468,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3656,6 +5479,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3663,6 +5490,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3670,6 +5501,10 @@
"refId": "D"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)",
"format": "time_series",
"intervalFactor": 1,
@@ -3677,109 +5512,132 @@
"refId": "E"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "IPv6 Conntrack Non-TCP",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "ipv4": "#5195ce",
- "ipv6": "#6d1f62"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": null,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#5195ce",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6d1f62",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 94
},
- "hiddenSeries": false,
"id": 87,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": ""
+ "legend": {
+ "calcs": [
+ "mean",
+ "lastNotNull",
+ "max",
+ "min"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_ip_addresses{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod, family)\n",
"format": "time_series",
"intervalFactor": 1,
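Review bot: the two color overrides for panel 87 match by exact display name, "ipv4" and "ipv6", while the target aggregates `by (pod, family)`. The legendFormat line falls outside this hunk's context, so please confirm the rendered series name is the bare family value; if the pod is part of the name, the fixed colors never apply once more than one pod is selected. A `byRegexp` matcher on the family part of the name would hold in both cases. The legend conversion itself (table on the right with mean, lastNotNull, max, min) matches the removed legend block.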
@@ -3787,102 +5645,127 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Allocated Addresses",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "dump_interrupts conntrack ipv4": "#ea6460",
- "dump_interrupts conntrack ipv6": "#58140c"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "dump_interrupts conntrack ipv4"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#ea6460",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "dump_interrupts conntrack ipv6"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#58140c",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 94
},
- "hiddenSeries": false,
"id": 79,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_datapath_conntrack_dump_resets_total{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod, area, family, name)",
"format": "time_series",
"intervalFactor": 1,
@@ -3890,99 +5773,96 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Datapath Conntrack Dump Resets",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 99
},
- "hiddenSeries": false,
"id": 106,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_services_events_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, action)",
"format": "time_series",
"intervalFactor": 1,
@@ -3990,108 +5870,96 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Service Updates",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 99
},
- "hiddenSeries": false,
"id": 89,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "avg(cilium_unreachable_health_endpoints) by (pod)",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "average unreachable health endpoints",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_unreachable_nodes{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
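Review bot: The Connectivity Health panel (id 89) loses its secondary axis: the removed seriesOverrides put "avg(cilium_unreachable_health_endpoints) by (pod)" and "average unreachable health endpoints" on "yaxis": 2, but the migrated fieldConfig keeps "overrides": [] so nothing carries that placement over. If the legend for query B still yields one of those names, unreachable health endpoints are now drawn on the same axis as unreachable nodes. Either add a byName override that sets custom.axisPlacement to "right", or state in the PR description that the old aliases no longer matched any series and the drop is intentional.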
@@ -4099,6 +5967,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_unreachable_health_endpoints{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -4106,99 +5978,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Connectivity Health",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 104
},
- "hiddenSeries": false,
"id": 39,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_drop_count_total{direction=\"EGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason)",
"format": "time_series",
"intervalFactor": 1,
@@ -4206,128 +6075,203 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Dropped Egress Packets",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Avg": "#cca300",
- "Max": "rgb(167, 150, 111)"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#cca300",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "rgb(167, 150, 111)",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "Min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "add k8s"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "delete k8s"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "update k8s"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "add local-node"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 104
},
- "hiddenSeries": false,
"id": 93,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "Max",
- "fillBelowTo": "Min",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "Min",
- "lines": false
- },
- {
- "alias": "add k8s",
- "yaxis": 2
- },
- {
- "alias": "delete k8s",
- "yaxis": 2
- },
- {
- "alias": "update k8s",
- "yaxis": 2
- },
- {
- "alias": "add local-node",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_nodes_all_events_received_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, event_type, source) * 60",
"format": "time_series",
"intervalFactor": 1,
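Review bot: In the Node Events panel (id 93) the new default "fillOpacity": 35 replaces the old panel-wide "fill": 0, so every series, including "Avg" and the k8s event series, is now area-filled instead of only the Max/Min band. Suggest keeping the default opacity at 0 and setting custom.fillOpacity inside the "Max" override next to custom.fillBelowTo. The two separate byName "Max" entries (color, then fillBelowTo and lineWidth) can be merged into one while doing that.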
@@ -4335,99 +6279,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Node Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bps"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 109
},
- "hiddenSeries": false,
"id": 113,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_drop_bytes_total{direction=\"EGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason) * 8",
"format": "time_series",
"intervalFactor": 1,
@@ -4435,114 +6376,155 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Dropped Egress Traffic",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Average Nodes": "#eab839",
- "Max Nodes": "#c15c17"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Average Nodes"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#eab839",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max Nodes"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#c15c17",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max Nodes"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "Min Nodes"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Min Nodes"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 109
},
- "hiddenSeries": false,
"id": 91,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "Max Nodes",
- "fillBelowTo": "Min Nodes",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "Min Nodes",
- "lines": false
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
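Review bot: The overrides for the Nodes panel (id 91) contain two byName entries for "Max Nodes", one setting color and one setting custom.fillBelowTo and custom.lineWidth; merge them into a single entry so the series is configured in one place. The default "fillOpacity": 35 also takes over from the old "fill": 0, which fills under the "Average Nodes" line as well as the band between "Max Nodes" and "Min Nodes"; scoping the opacity to the "Max Nodes" override would keep the previous rendering.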
@@ -4550,6 +6532,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -4557,6 +6543,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -4564,56 +6554,11 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Nodes",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -4621,76 +6566,158 @@
"y": 114
},
"id": 28,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "Policy",
"type": "text"
},
{
- "aliasColors": {
- "L7 denied request": "#ea6460",
- "L7 forwarded request": "#7eb26d",
- "denied": "#bf1b00"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "reqps"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 denied request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#ea6460",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "L7 forwarded request"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "denied"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 115
},
- "hiddenSeries": false,
"id": 53,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "L7 denied request",
- "yaxis": 2
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "denied",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"denied\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
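Review bot: The L7 panel (id 53) drops the secondary axis for the denied series: the removed seriesOverrides put "L7 denied request" and "denied" on "yaxis": 2, while the new overrides for those names set only color. If denied rates are much lower than forwarded and received rates, they will flatten against the shared axis and policy denials become hard to spot on this dashboard; adding custom.axisPlacement "right" to those two overrides would preserve the old layout. Separately, the Policy text panel (id 28) gains a "targets" stub with "datasource": null and "refId": "A"; a text panel runs no query, so that block can be left out.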
@@ -4698,6 +6725,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"forwarded\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
@@ -4705,6 +6736,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"received\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
@@ -4712,99 +6747,96 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "L7 forwarded request",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "reqps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "reqps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 115
},
- "hiddenSeries": false,
"id": 37,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_drop_count_total{direction=\"INGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (reason)",
"format": "time_series",
"intervalFactor": 1,
@@ -4812,123 +6844,207 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Cilium drops Ingress",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Max per node processingTime": "#e24d42",
- "Max per node upstreamTime": "#58140c",
- "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})": "#bf1b00",
- "parse errors": "#bf1b00"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node processingTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node upstreamTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#58140c",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node processingTime"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node upstreamTime"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 120
},
- "hiddenSeries": false,
"id": 94,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "Max per node processingTime",
- "yaxis": 2
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "Max per node upstreamTime",
- "yaxis": 2
- },
- {
- "alias": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})",
- "yaxis": 2
- },
- {
- "alias": "parse errors",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_proxy_upstream_reply_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"interval": "",
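Review bot: The overrides for the Proxy response time panel (id 94) list each of the four series names twice, once for color and once for unit, which doubles the block; put both properties in one entry per name. The matcher built from the raw expression avg(cilium_policy_l7_total{pod=~"cilium.*", rule="parse_errors"}) is carried over from the old aliasColors and does not correspond to query B of this panel, which filters on k8s_app and pod=~"$pod" and groups by (pod). Unless a legend format reproduces that exact string, both entries for it are dead and can be dropped.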
@@ -4937,6 +7053,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -4944,99 +7064,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Proxy response time (Avg)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "bps"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 120
},
- "hiddenSeries": false,
"id": 114,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_drop_bytes_total{direction=\"INGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason) * 8",
"format": "time_series",
"intervalFactor": 1,
@@ -5044,125 +7161,209 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Dropped Ingress Traffic",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "avg": "#64b0c8",
- "count": "#9ac48a",
- "max": "#5195ce",
- "min": "#6ed0e0"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#64b0c8",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "count"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#9ac48a",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#5195ce",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#6ed0e0",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg count"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "opm"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max count"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "opm"
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 125
},
- "hiddenSeries": false,
"id": 104,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "avg count",
- "yaxis": 2
- },
- {
- "alias": "max count",
- "yaxis": 2
- },
- {
- "alias": "avg count"
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -5170,6 +7371,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -5177,6 +7382,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -5184,110 +7393,156 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Policy Trigger Duration",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Max per node processingTime": "#e24d42",
- "Max per node upstreamTime": "#58140c",
- "parse errors": "#bf1b00"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node processingTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node upstreamTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#58140c",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 125
},
- "hiddenSeries": false,
"id": 66,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "parse errors",
- "yaxis": 2
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_proxy_upstream_reply_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -5295,6 +7550,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}[1m])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5302,107 +7561,159 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Proxy response time (Max)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "both": "#7eb26d",
- "egress": "#e5ac0e",
- "ingress": "#e0752d",
- "none": "#bf1b00"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "both"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "egress"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e5ac0e",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "ingress"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0752d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "none"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 6,
"x": 0,
"y": 130
},
- "hiddenSeries": false,
"id": 33,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "sideWidth": null,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_policy_endpoint_enforcement_status{k8s_app=\"cilium\", pod=~\"$pod\"}) by (enforcement)",
"format": "time_series",
"hide": false,
@@ -5413,115 +7724,170 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Endpoints policy enforcement status",
- "tooltip": {
- "shared": false,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "series",
- "name": null,
- "show": true,
- "values": [
- "total"
- ]
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "avg": "#b7dbab",
- "max": "rgba(89, 132, 76, 0.54)",
- "min": "#2f575e"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#b7dbab",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "rgba(89, 132, 76, 0.54)",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#2f575e",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 6,
"x": 6,
"y": 130
},
- "hiddenSeries": false,
"id": 100,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "min",
- "lines": false
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5529,6 +7895,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5536,6 +7906,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5543,120 +7917,227 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Proxy Redirects",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "average duration": "#d683ce",
- "folds": "#614d93",
- "max duration": "#614d93",
- "max trigger": "#967302",
- "min duration": "#584477",
- "min trigger": "#fceaca"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "average duration"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#d683ce",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "folds"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max duration"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max trigger"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#967302",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min duration"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#584477",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min trigger"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#fceaca",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min trigger"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min trigger"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "folds"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "short"
+ }
+ ]
+ }
+ ]
},
- "fill": 2,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 130
},
- "hiddenSeries": false,
"id": 102,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "max",
- "fillBelowTo": "min trigger",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "min trigger",
- "lines": false
- },
- {
- "alias": "folds",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -5664,6 +8145,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -5671,6 +8156,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -5678,6 +8167,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_triggers_policy_update_folds{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -5685,123 +8178,172 @@
"refId": "D"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Policy Trigger Runs",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "max": "#f2c96d",
- "policy errors": "#bf1b00",
- "policy change errors": "#bf1b00"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f2c96d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "policy change errors"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "policy errors"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 135
},
- "hiddenSeries": false,
"id": 85,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": true,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "policy errors",
- "yaxis": 2
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
- },
- {
- "alias": "min",
- "lines": false
- },
- {
- "alias": "policy change errors",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5809,6 +8351,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5816,6 +8362,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5823,6 +8373,10 @@
"refId": "C"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_policy_change_total{k8s_app=\"cilium\", pod=~\"$pod\", outcome=\"fail\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -5830,110 +8384,160 @@
"refId": "D"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Policies Per Node",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "Max per node processingTime": "#e24d42",
- "Max per node upstreamTime": "#58140c",
- "parse errors": "#bf1b00"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node processingTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Max per node upstreamTime"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#58140c",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "parse errors"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "s"
+ },
+ {
+ "id": "custom.axisPlacement",
+ "value": "hidden"
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 135
},
- "hiddenSeries": false,
"id": 123,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "parse errors",
- "yaxis": 2
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -5941,113 +8545,170 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "DNS proxy requests",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "avg": "#f9d9f9",
- "max": "#806eb7",
- "min": "#806eb7"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 35,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#f9d9f9",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#806eb7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "max"
+ },
+ "properties": [
+ {
+ "id": "custom.fillBelowTo",
+ "value": "min"
+ },
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "min"
+ },
+ "properties": [
+ {
+ "id": "custom.lineWidth",
+ "value": 0
+ }
+ ]
+ }
+ ]
},
- "fill": 0,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 140
},
- "hiddenSeries": false,
"id": 117,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "max",
- "fillBelowTo": "min",
- "lines": false
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "min",
- "lines": false
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "min(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
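Review bot: in the "Policy Revision" panel the old `"fill": 0` becomes `"fillOpacity": 35` in `fieldConfig.defaults.custom`, so the fill applies to every series and not only to the `max` to `min` band that `custom.fillBelowTo` is meant to draw. Consider keeping the default at 0 and setting `custom.fillOpacity` inside the `max` override. The `max` and `min` matchers also each appear twice in `overrides` (colour in one entry, line and fill settings in another) and could be one entry per series.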
@@ -6055,6 +8716,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -6062,6 +8727,10 @@
"refId": "B"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -6069,56 +8738,11 @@
"refId": "C"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Policy Revision",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -6126,66 +8750,114 @@
"y": 145
},
"id": 73,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "Endpoints",
"type": "text"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": null,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 146
},
- "hiddenSeries": false,
"id": 55,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(histogram_quantile(0.90, rate(cilium_endpoint_regeneration_time_stats_seconds_bucket{k8s_app=\"cilium\", scope!=\"total\", pod=~\"$pod\"}[5m]))) by (scope)",
"format": "time_series",
"intervalFactor": 1,
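Review bot: the "Endpoints" text panel (id 73) gains a `targets` array holding a single entry with `"datasource": null` and `"refId": "A"`. A text panel renders only `options.content`, so this target has no query to run and should be dropped. The same pattern shows up on the other section-header text panels in this file.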
@@ -6193,102 +8865,98 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Endpoint regeneration time (90th percentile)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
- "decimals": null,
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 146
},
- "hiddenSeries": false,
"id": 115,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(histogram_quantile(0.99, rate(cilium_endpoint_regeneration_time_stats_seconds_bucket{k8s_app=\"cilium\", scope!=\"total\", pod=~\"$pod\"}[5m]))) by (scope)",
"format": "time_series",
"intervalFactor": 1,
@@ -6296,112 +8964,160 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Endpoint regeneration time (99th percentile)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "fail": "#bf1b00",
- "fail/min": "#890f02",
- "success": "#447ebc",
- "success/min": "#3f6833"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "fail"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "fail/min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "success"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#447ebc",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "success/min"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#3f6833",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 3,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 155
},
- "hiddenSeries": false,
"id": 49,
- "legend": {
- "avg": true,
- "current": false,
- "max": true,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "fail",
- "yaxis": 2
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "success"
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_endpoint_regenerations_total{k8s_app=\"cilium\", pod=~\"$pod\"}[30s])) by(outcome)",
"format": "time_series",
"instant": false,
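Review bot: the "Endpoint regenerations" panel loses its secondary axis. The removed `seriesOverrides` put the `fail` series on `"yaxis": 2`, but the new `fail` override only sets `color`. Failures will now share the left axis with `success`, and a small failure rate becomes hard to see next to a large success rate. Add `custom.axisPlacement` with value `right` to the `fail` override if the separate scale is still wanted.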
@@ -6410,104 +9126,144 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Endpoint regenerations",
- "tooltip": {
- "shared": false,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "disconnecting": "#614d93",
- "ready": "rgba(81, 220, 95, 0.52)",
- "waiting-to-regenerate": "#0a50a1"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 2,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": true,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "disconnecting"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#614d93",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "ready"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "rgba(81, 220, 95, 0.52)",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "waiting-to-regenerate"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#0a50a1",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 155
},
- "hiddenSeries": false,
"id": 51,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_endpoint_state{k8s_app=\"cilium\", pod=~\"$pod\"}) by (endpoint_state)",
"format": "time_series",
"intervalFactor": 1,
@@ -6515,56 +9271,11 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Cilium endpoint state",
- "tooltip": {
- "shared": false,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -6572,77 +9283,161 @@
"y": 160
},
"id": 74,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "Controllers",
"type": "text"
},
{
- "aliasColors": {
- "Failed": "#bf1b00",
- "Failing": "#890f02",
- "Runs": "#5195ce"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 30,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Failed"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#bf1b00",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Failing"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Runs"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#5195ce",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 3,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 161
},
- "hiddenSeries": false,
"id": 70,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "max": true,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "Failing",
- "yaxis": 1
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "Failed",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_controllers_runs_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
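Review bot: in the "Controllers" panel (id 70) the `Failed` series was on `"yaxis": 2` before, and the replacement override for `Failed` carries only a colour. With everything on one `opm` axis, the failing-controller count from the second query is plotted on the same scale as the run rate from the first. If the old layout was intentional, add an axis placement property to that override.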
@@ -6650,6 +9445,10 @@
"refId": "A"
},
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(cilium_controllers_failing{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)",
"format": "time_series",
"intervalFactor": 1,
@@ -6657,120 +9456,192 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Controllers",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "duration failure": "#890f02",
- "duration success": "#508642",
- "failure": "#890f02",
- "runs failure": "#890f02",
- "runs success": "#7eb26d",
- "success": "#508642"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "duration failure"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "duration success"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#508642",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "failure"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "runs failure"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#890f02",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "runs success"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#7eb26d",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "success"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#508642",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 161
},
- "hiddenSeries": false,
"id": 68,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "hideEmpty": false,
- "max": true,
- "min": true,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
- },
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "repeat": null,
- "repeatDirection": "h",
- "seriesOverrides": [
- {
- "alias": "success",
- "yaxis": 1
+ "legend": {
+ "calcs": [
+ "mean",
+ "max",
+ "min"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
},
- {
- "alias": "failure",
- "yaxis": 2
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
}
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ },
+ "pluginVersion": "10.4.3",
+ "repeatDirection": "h",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_controllers_runs_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, status) / sum(rate(cilium_controllers_runs_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, status)",
"format": "time_series",
"intervalFactor": 1,
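Review bot: the "Controller Durations" overrides keep the six colours from `aliasColors` but drop the axis split from `seriesOverrides`, where `failure` was on `"yaxis": 2` and `success` on `"yaxis": 1`. Restore it with `custom.axisPlacement` on the `failure` override, or confirm a shared axis is intended. Separately, `"repeatDirection": "h"` is retained while `"repeat": null` is removed, so the direction setting has nothing to act on and can go as well.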
@@ -6778,56 +9649,11 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Controller Durations",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": "",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "s",
- "label": "",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "content": "",
"datasource": null,
- "fieldConfig": {
- "defaults": {
- "custom": {}
- },
- "overrides": []
- },
"gridPos": {
"h": 1,
"w": 24,
@@ -6835,67 +9661,153 @@
"y": 166
},
"id": 60,
- "links": [],
- "mode": "markdown",
+ "options": {
+ "code": {
+ "language": "plaintext",
+ "showLineNumbers": false,
+ "showMiniMap": false
+ },
+ "content": "",
+ "mode": "markdown"
+ },
+ "pluginVersion": "10.4.3",
+ "targets": [
+ {
+ "datasource": null,
+ "refId": "A"
+ }
+ ],
"title": "Kubernetes integration",
"type": "text"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 167
},
- "hiddenSeries": false,
"id": 163,
- "legend": {
- "alignAsTable": true,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_k8s_client_api_latency_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
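Review bot: the two `byValue` overrides on "apiserver latency (average node)" set `custom.hideFrom` with `"tooltip": true` as well as `"legend": true`. They replace `hideEmpty` and `hideZero`, which sat under `legend` in the old panel, so all-zero and all-null series now also disappear from the tooltip. If only the legend should be trimmed, set `tooltip` to `false` in both entries.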
@@ -6903,103 +9815,137 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "apiserver latency (average node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 10,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "s"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 167
},
- "hiddenSeries": false,
"id": 165,
- "legend": {
- "alignAsTable": true,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "max(rate(cilium_k8s_client_api_latency_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
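Review bot: the migrated `thresholds.steps` for panel 165 keep Grafana's default red step at `"value": 80`, but the panel unit is `"s"`, so the step means 80 seconds of apiserver latency. It is inert while `thresholdsStyle.mode` is `"off"`, but anyone who later enables threshold lines gets a marker that signals nothing useful. Either drop the red step or set it to a latency value the team actually wants to be alerted on.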
@@ -7007,103 +9953,140 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "apiserver latency (max node)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 174
},
- "hiddenSeries": false,
"id": 168,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean",
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)",
"format": "time_series",
"intervalFactor": 1,
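Review bot: `"pluginVersion": "10.4.3"` in panel 168 records the Grafana build that exported the dashboard, so any later re-export from a different build will change this line in every panel and bury real changes in noise. Consider stripping it on export. Since the legacy `graph` fields (`legend`, `lines`, `stack`, `renderer`) are removed outright rather than kept as a fallback, also confirm that the Grafana image deployed with this dashboard is not older than the exporting version.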
@@ -7111,103 +10094,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "apiserver #calls (sum all nodes)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 174
},
- "hiddenSeries": false,
"id": 166,
- "legend": {
- "alignAsTable": true,
- "avg": false,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": true,
- "min": false,
- "rightSide": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "max"
+ ],
+ "displayMode": "table",
+ "placement": "right",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_k8s_client_api_calls_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, return_code)",
"format": "time_series",
"intervalFactor": 1,
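Review bot: the target in panel 166 now carries its own `datasource` block with `"uid": "${DS_PROMETHEUS}"`, repeating the panel-level one. `${DS_PROMETHEUS}` is an import-time placeholder, so please confirm that whatever loads this JSON substitutes it inside `targets` as well as at panel level. If only the panel-level value is rewritten, the query would point at a datasource UID that does not exist.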
@@ -7215,102 +10234,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "apiserver calls (sum all nodes)",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 182
},
- "hiddenSeries": false,
"id": 172,
- "legend": {
- "alignAsTable": false,
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"true\", valid=\"true\", pod=~\"$pod\"}[5m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
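Review bot: panel 172 had `"pointradius": 2`, but the migrated `custom` block sets `"pointSize": 5`, so the old value was not carried over. With `"showPoints": "never"` this has no visible effect today, but if points are ever enabled the panel will render them larger than the original did. Set `"pointSize": 2` if the old appearance should be preserved.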
@@ -7318,101 +10374,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Valid, Unnecessary K8s Events Received",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "short"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 182
},
- "hiddenSeries": false,
"id": 174,
- "legend": {
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"true\", valid=\"false\", pod=~\"$pod\"}[5m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
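Review bot: panel 174 is migrated with `"unit": "short"`, while the other three K8s-events panels (172, 175, 173) use `"unit": "ops"` for the same `sum(rate(cilium_kubernetes_events_received_total{...}[5m]))` shape. The value was carried over from the old `yaxes` format, so this is not a regression, but the mismatch makes the invalid-event rate harder to compare against its neighbours. Suggest switching this panel to `"ops"` while the block is being rewritten anyway.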
@@ -7420,101 +10514,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Invalid, Unnecessary K8s Events Received",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 188
},
- "hiddenSeries": false,
"id": 175,
- "legend": {
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"false\", valid=\"true\", pod=~\"$pod\"}[5m])) by (pod, scope, action, valid)",
"format": "time_series",
"intervalFactor": 1,
@@ -7522,101 +10654,139 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Valid, Necessary K8s Events Received",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "ops"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsZero",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byValue",
+ "options": {
+ "op": "gte",
+ "reducer": "allIsNull",
+ "value": 0
+ }
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": false
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 188
},
- "hiddenSeries": false,
"id": 173,
- "legend": {
- "avg": true,
- "current": false,
- "hideEmpty": true,
- "hideZero": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [
+ "mean"
+ ],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"false\", valid=\"false\", pod=~\"$pod\"}[5m])) by (pod, scope, action)",
"format": "time_series",
"intervalFactor": 1,
@@ -7624,101 +10794,96 @@
"refId": "A"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Invalid, Necessary K8s Events Received",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 196
},
- "hiddenSeries": false,
"id": 108,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"CiliumNetworkPolicy\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -7726,105 +10891,142 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "CiliumNetworkPolicy Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "create avg": "#70dbed",
- "delete avg": "#e24d42",
- "update avg": "#e0f9d7"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "create avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#70dbed",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "delete avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "update avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 196
},
- "hiddenSeries": false,
"id": 119,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"NetworkPolicy\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
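Review bot: the three `byName` overrides in panel 119 match the exact display names `"create avg"`, `"delete avg"` and `"update avg"`, while the target groups `by (pod, action)`. The legend format sits outside the lines shown in this hunk, so please confirm that the rendered series names still equal those strings. A `byName` matcher that does not hit fails silently, and the panel would fall back to `palette-classic` without any error. The same check applies to the identical overrides in the following event panels.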
@@ -7832,105 +11034,142 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "NetworkPolicy Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "create avg": "#70dbed",
- "delete avg": "#e24d42",
- "update avg": "#e0f9d7"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "create avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#70dbed",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "delete avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "update avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 203
},
- "hiddenSeries": false,
"id": 109,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Pod\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -7938,105 +11177,142 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Pod Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {
- "create avg": "#70dbed",
- "delete avg": "#e24d42",
- "update avg": "#e0f9d7"
- },
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
- "overrides": []
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "create avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#70dbed",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "delete avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e24d42",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "update avg"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "#e0f9d7",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 203
},
- "hiddenSeries": false,
"id": 122,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Node\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -8044,101 +11320,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Node Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 210
},
- "hiddenSeries": false,
"id": 118,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Service\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -8146,101 +11417,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Service Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 210
},
- "hiddenSeries": false,
"id": 120,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Endpoint\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -8248,101 +11514,96 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Endpoints Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
},
{
- "aliasColors": {},
- "bars": true,
- "dashLength": 10,
- "dashes": false,
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
- "custom": {}
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "bars",
+ "fillOpacity": 100,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "never",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "normal"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "opm"
},
"overrides": []
},
- "fill": 1,
- "fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 217
},
- "hiddenSeries": false,
"id": 121,
- "legend": {
- "alignAsTable": false,
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "rightSide": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": false,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
"options": {
- "dataLinks": []
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "multi",
+ "sort": "none"
+ }
},
- "paceLength": 10,
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
+ "pluginVersion": "10.4.3",
"targets": [
{
+ "datasource": {
+ "type": "prometheus",
+ "uid": "${DS_PROMETHEUS}"
+ },
"expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Namespace\", pod=~\"$pod\"}[1m])) by (pod, action) * 60",
"format": "time_series",
"intervalFactor": 1,
@@ -8350,51 +11611,12 @@
"refId": "B"
}
],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
"title": "Namespace Events",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "opm",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "timeseries"
}
],
"refresh": false,
- "schemaVersion": 25,
- "style": "dark",
+ "schemaVersion": 39,
"tags": [],
"templating": {
"list": [
@@ -8427,7 +11649,6 @@
"definition": "label_values(cilium_version, pod)",
"hide": 0,
"includeAll": true,
- "label": null,
"multi": false,
"name": "pod",
"options": [],
@@ -8437,7 +11658,6 @@
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
- "tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
@@ -8475,5 +11695,6 @@
"timezone": "utc",
"title": "Cilium Metrics",
"uid": "vtuWtdumz",
- "version": 1
+ "version": 1,
+ "weekStart": ""
}
diff --git a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml
index 857529bf..b6438cb6 100644
--- a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml
+++ b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml
@@ -157,6 +157,9 @@ staticResources:
- name: "ingress-cluster"
type: "ORIGINAL_DST"
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
+ circuitBreakers:
+ thresholds:
+ - maxRetries: {{ .Values.envoy.maxConcurrentRetries }}
lbPolicy: "CLUSTER_PROVIDED"
typedExtensionProtocolOptions:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
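Review bot: `maxRetries` in the new `circuitBreakers.thresholds` entry is rendered straight from `.Values.envoy.maxConcurrentRetries` with no default or type check, so an unset value renders `maxRetries:` with nothing after it. Consider `required` or a `default` plus an `int` cast here. The same three lines are added to all four clusters in this file (ingress-cluster, egress-cluster-tls, egress-cluster, ingress-cluster-tls), so a shared named template would keep them from drifting apart.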
@@ -170,6 +173,9 @@ staticResources:
- name: "egress-cluster-tls"
type: "ORIGINAL_DST"
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
+ circuitBreakers:
+ thresholds:
+ - maxRetries: {{ .Values.envoy.maxConcurrentRetries }}
lbPolicy: "CLUSTER_PROVIDED"
typedExtensionProtocolOptions:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
@@ -188,6 +194,9 @@ staticResources:
- name: "egress-cluster"
type: "ORIGINAL_DST"
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
+ circuitBreakers:
+ thresholds:
+ - maxRetries: {{ .Values.envoy.maxConcurrentRetries }}
lbPolicy: "CLUSTER_PROVIDED"
typedExtensionProtocolOptions:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
@@ -201,6 +210,9 @@ staticResources:
- name: "ingress-cluster-tls"
type: "ORIGINAL_DST"
connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
+ circuitBreakers:
+ thresholds:
+ - maxRetries: {{ .Values.envoy.maxConcurrentRetries }}
lbPolicy: "CLUSTER_PROVIDED"
typedExtensionProtocolOptions:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
@@ -274,6 +286,13 @@ overloadManager:
typedConfig:
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig"
max_active_downstream_connections: "50000"
+applicationLogConfig:
+ logFormat:
+ {{- if .Values.envoy.log.format_json }}
+ jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}"
+ {{- else }}
+ textFormat: "{{ .Values.envoy.log.format }}"
+ {{- end }}
admin:
address:
pipe:
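Review bot: in the new `applicationLogConfig` block, `jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}"` wraps `toJson` output in a double-quoted YAML scalar; if `format_json` is a map, the rendered JSON carries its own double quotes and the scalar ends at the first one. A `textFormat` value containing `"` or a backslash has the same problem. Suggest emitting the JSON unquoted, passing the text format through `quote`, and adding a render test that covers both branches.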
diff --git a/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json b/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json
index 116c2c98..3af7c97b 100644
--- a/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json
+++ b/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json
@@ -1001,7 +1001,13 @@
"style": "dark",
"tags": [],
"templating": {
- "list": []
+ "list": [
+ {
+ "type": "datasource",
+ "name": "DS_PROMETHEUS",
+ "query": "prometheus"
+ }
+ ]
},
"time": {
"from": "now-30m",
diff --git a/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash b/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash
index aaaba092..aa63cac8 100644
--- a/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash
+++ b/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash
@@ -116,6 +116,8 @@ else
exec /home/kubernetes/bin/the-kubelet "${@}" --network-plugin=cni --cni-bin-dir={{ .Values.cni.binPath }}
fi
EOF
+ echo "Restarting the kubelet..."
+ systemctl restart kubelet
else
echo "Kubelet wrapper already exists, skipping..."
fi
@@ -135,10 +137,10 @@ else
echo "Changing kubelet configuration to --network-plugin=cni --cni-bin-dir={{ .Values.cni.binPath }}"
mkdir -p {{ .Values.cni.binPath }}
sed -i "s:--network-plugin=kubenet:--network-plugin=cni\ --cni-bin-dir={{ .Values.cni.binPath }}:g" "${KUBELET_DEFAULTS_FILE}"
+ echo "Restarting the kubelet..."
+ systemctl restart kubelet
fi
fi
-echo "Restarting the kubelet..."
-systemctl restart kubelet
{{- end }}
{{- if (and .Values.gke.enabled (or .Values.enableIPv4Masquerade .Values.gke.disableDefaultSnat))}}
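Review bot: neither `systemctl restart kubelet` call that this file now makes inside the branches checks its result; if the script does not run under `set -e` (not visible in these hunks), a failed restart after the `sed -i` leaves the kubelet on its old flags while the script carries on to `date > {{ .Values.nodeinit.bootstrapFile | quote }}`. Suggest handling the failure explicitly, and adding a short comment that the restart was moved into the branches so that nodes with nothing to change are not restarted.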
@@ -159,44 +161,6 @@ mkdir -p {{ .Values.nodeinit.bootstrapFile | dir | quote }}
date > {{ .Values.nodeinit.bootstrapFile | quote }}
{{- end }}
-{{- if .Values.azure.enabled }}
-# AKS: If azure-vnet is installed on the node, and (still) configured in bridge mode,
-# configure it as 'transparent' to be consistent with Cilium's CNI chaining config.
-# If the azure-vnet CNI config is not removed, kubelet will execute CNI CHECK commands
-# against it every 5 seconds and write 'bridge' to its state file, causing inconsistent
-# behaviour when Pods are removed.
-if [ -f /etc/cni/net.d/10-azure.conflist ]; then
- echo "Ensuring azure-vnet is configured in 'transparent' mode..."
- sed -i 's/"mode":\s*"bridge"/"mode":"transparent"/g' /etc/cni/net.d/10-azure.conflist
-fi
-
-# The azure0 interface being present means the node was booted with azure-vnet configured
-# in bridge mode. This means there might be ebtables rules and neight entries interfering
-# with pod connectivity if we deploy with Azure IPAM.
-if ip l show dev azure0 >/dev/null 2>&1; then
-
- # In Azure IPAM mode, also remove the azure-vnet state file, otherwise ebtables rules get
- # restored by the azure-vnet CNI plugin on every CNI CHECK, which can cause connectivity
- # issues in Cilium-managed Pods. Since azure-vnet is no longer called on scheduling events,
- # this file can be removed.
- rm -f /var/run/azure-vnet.json
-
- # This breaks connectivity for existing workload Pods when Cilium is scheduled, but we need
- # to flush these to prevent Cilium-managed Pod IPs conflicting with Pod IPs previously allocated
- # by azure-vnet. These ebtables DNAT rules contain fixed MACs that are no longer bound on the node,
- # causing packets for these Pods to be redirected back out to the gateway, where they are dropped.
- echo 'Flushing ebtables pre/postrouting rules in nat table.. (disconnecting non-Cilium Pods!)'
- ebtables -t nat -F PREROUTING || true
- ebtables -t nat -F POSTROUTING || true
-
- # ip-masq-agent periodically injects PERM neigh entries towards the gateway
- # for all other k8s nodes in the cluster. These are safe to flush, as ARP can
- # resolve these nodes as usual. PERM entries will be automatically restored later.
- echo 'Deleting all permanent neighbour entries on azure0...'
- ip neigh show dev azure0 nud permanent | cut -d' ' -f1 | xargs -r -n1 ip neigh del dev azure0 to || true
-fi
-{{- end }}
-
{{- if .Values.nodeinit.revertReconfigureKubelet }}
rm -f /tmp/node-deinit.cilium.io
{{- end }}
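Review bot: the removed `.Values.azure.enabled` block rewrote `10-azure.conflist` to transparent mode, deleted `/var/run/azure-vnet.json`, and flushed the ebtables nat rules and permanent neighbour entries on `azure0`, and its own comments describe connectivity problems when that cleanup is skipped. The change should state where this cleanup happens now, or the upgrade notes should say that nodes previously booted with azure-vnet in bridge mode need it done by other means.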
diff --git a/packages/system/cilium/charts/cilium/files/spire/init.bash b/packages/system/cilium/charts/cilium/files/spire/init.bash
index 4b6f57bd..4edb682c 100644
--- a/packages/system/cilium/charts/cilium/files/spire/init.bash
+++ b/packages/system/cilium/charts/cilium/files/spire/init.bash
@@ -22,9 +22,9 @@ echo "Spire Server is up, initializing cilium spire entries..."
AGENT_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/ns/{{ .Values.authentication.mutual.spire.install.namespace }}/sa/spire-agent"
AGENT_SELECTORS="-selector k8s_psat:agent_ns:{{ .Values.authentication.mutual.spire.install.namespace }} -selector k8s_psat:agent_sa:spire-agent"
CILIUM_AGENT_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/cilium-agent"
-CILIUM_AGENT_SELECTORS="-selector k8s:ns:{{ .Release.Namespace }} -selector k8s:sa:{{ .Values.serviceAccounts.cilium.name }}"
+CILIUM_AGENT_SELECTORS="-selector k8s:ns:{{ include "cilium.namespace" . }} -selector k8s:sa:{{ .Values.serviceAccounts.cilium.name }}"
CILIUM_OPERATOR_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/cilium-operator"
-CILIUM_OPERATOR_SELECTORS="-selector k8s:ns:{{ .Release.Namespace }} -selector k8s:sa:{{ .Values.serviceAccounts.operator.name }}"
+CILIUM_OPERATOR_SELECTORS="-selector k8s:ns:{{ include "cilium.namespace" . }} -selector k8s:sa:{{ .Values.serviceAccounts.operator.name }}"
while pgrep spire-server > /dev/null;
do
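Review bot: `CILIUM_AGENT_SELECTORS` and `CILIUM_OPERATOR_SELECTORS` now take their `k8s:ns:` value from `cilium.namespace`, so with `namespaceOverride` set the SPIRE entries only match if the agent and operator ServiceAccounts are actually created in that namespace. Please confirm that every ServiceAccount template in the chart uses the same helper, otherwise the two workloads will not be issued their identities.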
diff --git a/packages/system/cilium/charts/cilium/templates/_extensions.tpl b/packages/system/cilium/charts/cilium/templates/_extensions.tpl
index 28168ff8..5da57e2e 100644
--- a/packages/system/cilium/charts/cilium/templates/_extensions.tpl
+++ b/packages/system/cilium/charts/cilium/templates/_extensions.tpl
@@ -48,3 +48,9 @@ disable-server-tls: true
{{- define "hubble-relay.service.targetPort" -}}
grpc
{{- end }}
+
+{{/*
+Allow packagers to add extra configuration to certgen.
+*/}}
+{{- define "certgen.config.extra" -}}
+{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/_helpers.tpl
index 8ae12c1f..dc113ba0 100644
--- a/packages/system/cilium/charts/cilium/templates/_helpers.tpl
+++ b/packages/system/cilium/charts/cilium/templates/_helpers.tpl
@@ -5,6 +5,13 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
+{{/*
+Return the namespace to use for namespaced resources.
+*/}}
+{{- define "cilium.namespace" -}}
+{{- .Values.namespaceOverride | default .Release.Namespace -}}
+{{- end -}}
+
{{/*
Render full image name from given values, e.g:
```
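Review bot: `cilium.namespace` returns `.Values.namespaceOverride` verbatim, with no length or character validation, and elsewhere in this patch the result feeds `namespace:` fields, a `lookup` call and a double-quoted string in `spire/init.bash`. A `regexMatch` guard with `fail` inside the helper would reject a bad value in one place. `namespaceOverride` also needs an entry in values.yaml and the values schema if it does not have one yet.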
@@ -15,14 +22,18 @@ image:
digest: abcdefgh
```
then `include "cilium.image" .Values.image`
-will return `quay.io/cilium/cilium:v1.10.1@abcdefgh`
+will return `quay.io/cilium/cilium:v1.10.1@abcdefgh`.
+Note that you can omit the tag by setting its value to `null` or `""` (in case
+your container engine doesn't support specifying both the tag and digest for
+instance).
*/}}
{{- define "cilium.image" -}}
{{- $digest := (.useDigest | default false) | ternary (printf "@%s" .digest) "" -}}
+{{- $tag := .tag | default "" | eq "" | ternary "" (printf ":%s" .tag) -}}
{{- if .override -}}
{{- printf "%s" .override -}}
{{- else -}}
-{{- printf "%s:%s%s" .repository .tag $digest -}}
+{{- printf "%s%s%s" .repository $tag $digest -}}
{{- end -}}
{{- end -}}
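Review bot: with the new `$tag` handling, an empty `tag` combined with `useDigest` unset renders only `.repository`, which a container runtime resolves to the `latest` tag, so the image is no longer pinned. Suggest a `fail` when the tag is empty and no digest is used, and a line in the doc comment saying that an empty tag is meant to be used together with a digest.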
@@ -65,7 +76,7 @@ and `commonCASecretName` variables.
{{- if and $crt $key }}
{{- $ca = buildCustomCert $crt $key -}}
{{- else }}
- {{- with lookup "v1" "Secret" .Release.Namespace $secretName }}
+ {{- with lookup "v1" "Secret" (include "cilium.namespace" .) $secretName }}
{{- $crt := index .data "ca.crt" }}
{{- $key := index .data "ca.key" }}
{{- $ca = buildCustomCert $crt $key -}}
@@ -112,11 +123,16 @@ Convert a map to a comma-separated string: key1=value1,key2=value2
{{- end -}}
{{/*
-Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap (kubeadm-based clusters only)
+Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap
+When `auto`, it defaults to lookup for a `cluster-info` configmap on the `kube-public` namespace (kubeadm-based)
+To override the namespace and configMap when using `auto`:
+`.Values.k8sServiceLookupNamespace` and `.Values.k8sServiceLookupConfigMapName`
*/}}
{{- define "k8sServiceHost" }}
- {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }}
- {{- $configmap := (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }}
+ {{- $configmapName := default "cluster-info" .Values.k8sServiceLookupConfigMapName }}
+ {{- $configmapNamespace := default "kube-public" .Values.k8sServiceLookupNamespace }}
+ {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
+ {{- $configmap := (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
{{- $kubeconfig := get $configmap.data "kubeconfig" }}
{{- $k8sServer := get ($kubeconfig | fromYaml) "clusters" | mustFirst | dig "cluster" "server" "" }}
{{- $uri := (split "https://" $k8sServer)._1 | trim }}
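Review bot: `k8sServiceLookupNamespace` and `k8sServiceLookupConfigMapName` let the API server address be read from any ConfigMap, so whoever can write that ConfigMap decides the value of `k8sServiceHost`; the helper comment should state that the object needs to be as tightly controlled as `kube-public/cluster-info`. The `lookup` is also still issued twice, once in the `if` and once for `$configmap`; binding the first result with `with` would remove the duplicated call and arguments.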
@@ -127,11 +143,16 @@ Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap (kubea
{{- end }}
{{/*
-Enable automatic lookup of k8sServicePort from the cluster-info ConfigMap (kubeadm-based clusters only)
+Enable automatic lookup of k8sServicePort from the cluster-info ConfigMap
+When `auto`, it defaults to lookup for a `cluster-info` configmap on the `kube-public` namespace (kubeadm-based)
+To override the namespace and configMap when using `auto`:
+`.Values.k8sServiceLookupNamespace` and `.Values.k8sServiceLookupConfigMapName`
*/}}
{{- define "k8sServicePort" }}
- {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }}
- {{- $configmap := (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }}
+ {{- $configmapName := default "cluster-info" .Values.k8sServiceLookupConfigMapName }}
+ {{- $configmapNamespace := default "kube-public" .Values.k8sServiceLookupNamespace }}
+ {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
+ {{- $configmap := (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
{{- $kubeconfig := get $configmap.data "kubeconfig" }}
{{- $k8sServer := get ($kubeconfig | fromYaml) "clusters" | mustFirst | dig "cluster" "server" "" }}
{{- $uri := (split "https://" $k8sServer)._1 | trim }}
@@ -157,3 +178,35 @@ Return user specify envoy.enabled or default value based on the upgradeCompatibi
{{- end }}
{{- end }}
{{- end }}
+
+{{/*
+Return user specify tls.readSecretsOnlyFromSecretsNamespace and take into account tls.secretsBackend
+*/}}
+{{- define "readSecretsOnlyFromSecretsNamespace" }}
+ {{- if (not (kindIs "invalid" .Values.tls.readSecretsOnlyFromSecretsNamespace)) }}
+ {{- .Values.tls.readSecretsOnlyFromSecretsNamespace }}
+ {{- else if (not (kindIs "invalid" .Values.tls.secretsBackend)) }}
+ {{- if eq .Values.tls.secretsBackend "local" }}
+ {{- true }}
+ {{- else }}
+ {{ false }}
+ {{- end }}
+ {{- else }}
+ {{- true }}
+ {{- end }}
+{{- end }}
+
+{{/*
+Return user specify tls.secretSync.enabled or default value based on the upgradeCompatibility
+*/}}
+{{- define "secretSyncEnabled" }}
+ {{- if (not (kindIs "invalid" .Values.tls.secretSync.enabled)) }}
+ {{- .Values.tls.secretSync.enabled }}
+ {{- else }}
+ {{- if semverCompare ">=1.17" (default "1.17" .Values.upgradeCompatibility) }}
+ {{- true }}
+ {{- else }}
+ {{- false }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
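Review bot: in `readSecretsOnlyFromSecretsNamespace` the non-local backend branch uses `{{ false }}` where every other branch uses `{{- true }}` or `{{- false }}`, so that branch returns the value with leading whitespace. Callers that test `eq (include ...) "true"` still behave, but any comparison against `"false"` will not; use `{{- false }}` there. `secretSyncEnabled` also reads `.Values.tls.secretSync.enabled` and so relies on values.yaml always defining the `tls.secretSync` map, and the file now ends without a trailing newline.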
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml
index 900ddd87..6aef1b21 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml
@@ -1,3 +1,5 @@
+{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}}
+
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.rbac.create }}
{{- /*
Keep file in sync with cilium-preflight/clusterrole.yaml
@@ -12,6 +14,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- networking.k8s.io
@@ -82,7 +87,7 @@ rules:
# until we figure out how to avoid "get" inside the preflight, and then
# should be removed ideally.
- get
-{{- if eq "k8s" .Values.tls.secretsBackend }}
+{{- if not $readSecretsOnlyFromSecretsNamespace }}
- apiGroups:
- ""
resources:
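Review bot: the rule that starts here was gated on `tls.secretsBackend` being exactly `k8s` and is now gated on `not $readSecretsOnlyFromSecretsNamespace`, so setting `tls.readSecretsOnlyFromSecretsNamespace: false`, or leaving it unset with any backend value other than `local`, adds it to the agent ClusterRole. Because this changes a cluster-wide RBAC grant, the values documentation and upgrade notes should spell out the new default and which settings widen it.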
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml
index f05729ad..0003b513 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml
@@ -9,6 +9,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -16,5 +19,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
index 27498c50..efe748cc 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
@@ -16,7 +16,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cilium
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -25,9 +25,12 @@ metadata:
k8s-app: cilium
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-agent
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if .Values.keepDeprecatedLabels }}
kubernetes.io/cluster-service: "true"
- {{- if and .Values.gke.enabled (eq .Release.Namespace "kube-system" ) }}
+ {{- if and .Values.gke.enabled (eq (include "cilium.namespace" .) "kube-system" ) }}
{{- fail "Invalid configuration: Installing Cilium on GKE with 'kubernetes.io/cluster-service' labels on 'kube-system' namespace causes Cilium DaemonSet to be removed by GKE. Either install Cilium on a different Namespace or install with '--set keepDeprecatedLabels=false'" }}
{{- end }}
{{- end }}
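Review bot: `commonLabels` is appended after the fixed `k8s-app`, `app.kubernetes.io/part-of` and `app.kubernetes.io/name` labels with no check for key collisions, so a user-supplied `k8s-app` entry produces a duplicate key in the rendered metadata. The same block is added to the pod template labels in the next hunk, where those labels identify the agent pods. Consider merging through a helper that rejects or drops the reserved keys.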
@@ -73,6 +76,9 @@ spec:
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- if .Values.keepDeprecatedLabels }}
kubernetes.io/cluster-service: "true"
{{- end }}
@@ -250,7 +256,7 @@ spec:
protocol: TCP
{{- end }}
{{- end }}
- {{- if .Values.hubble.metrics.enabled }}
+ {{- if or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled }}
- name: hubble-metrics
containerPort: {{ .Values.hubble.metrics.port }}
hostPort: {{ .Values.hubble.metrics.port }}
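Review bot: the `hubble-metrics` hostPort is now opened when only `hubble.metrics.dynamic.enabled` is set, but the `hubble-metrics-tls` volume mount (visible as context in the next hunk) is still conditioned on `hubble.metrics.enabled`. A dynamic-only configuration with `hubble.metrics.tls.enabled` would therefore get the port without the TLS material mounted. The two conditions should be aligned.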
@@ -358,11 +364,6 @@ spec:
mountPath: {{ .Values.kubeConfigPath }}
readOnly: true
{{- end }}
- {{- if .Values.bgp.enabled }}
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- {{- end }}
{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }}
- name: hubble-metrics-tls
mountPath: /var/lib/cilium/tls/hubble-metrics
@@ -383,6 +384,11 @@ spec:
mountPropagation: {{ .mountPropagation }}
{{- end }}
{{- end }}
+ {{- if .Values.hubble.metrics.dynamic.enabled }}
+ - name: hubble-dynamic-metrics-config
+ mountPath: /dynamic-metrics-config
+ readOnly: true
+ {{- end }}
{{- if .Values.hubble.export.dynamic.enabled }}
- name: hubble-flowlog-config
mountPath: /flowlog-config
@@ -763,10 +769,12 @@ spec:
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
+ {{- if (eq .Values.scheduling.mode "anti-affinity") }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
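Review bot: wrapping the `affinity` block in `eq .Values.scheduling.mode "anti-affinity"` means a user-supplied `.Values.affinity` is silently dropped under any other `scheduling.mode`. Either `fail` when `affinity` is set together with a mode that ignores it, or document the interaction next to both values.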
@@ -955,11 +963,6 @@ spec:
configMap:
name: {{ .Values.cni.configMap }}
{{- end }}
- {{- if .Values.bgp.enabled }}
- - name: bgp-config-path
- configMap:
- name: bgp-config
- {{- end }}
{{- if not .Values.securityContext.privileged }}
- name: host-proc-sys-net
hostPath:
@@ -1035,6 +1038,12 @@ spec:
{{- end }}
{{- end }}
+ {{- if .Values.hubble.metrics.dynamic.enabled }}
+ - name: hubble-dynamic-metrics-config
+ configMap:
+ name: {{ .Values.hubble.metrics.dynamic.config.configMapName }}
+ optional: true
+ {{- end }}
{{- if .Values.hubble.export.dynamic.enabled }}
- name: hubble-flowlog-config
configMap:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml
index 6f19135d..c0ce2c2b 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml
@@ -7,11 +7,14 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $dashboardName | trunc 63 | trimSuffix "-" }}
- namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
+ namespace: {{ $.Values.dashboards.namespace | default (include "cilium.namespace" $) }}
labels:
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
+ {{- with $.Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if $.Values.dashboards.label }}
{{ $.Values.dashboards.label }}: {{ ternary $.Values.dashboards.labelValue "1" (not (empty $.Values.dashboards.labelValue)) | quote }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml
index e4ad86d1..0a2b43d1 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml
@@ -1,16 +1,21 @@
+{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}}
+
{{- if and .Values.agent (not .Values.preflight.enabled) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cilium-config-agent
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- ""
@@ -114,3 +119,27 @@ rules:
- list
- watch
{{- end}}
+
+{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cilium-tlsinterception-secrets
+ namespace: {{ .Values.tls.secretsNamespace.name | quote }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
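Review bot: The guard on the new cilium-tlsinterception-secrets Role tests `.Values.operator.enabled` and `.Values.serviceAccounts.operator.create`, but this is the agent's role.yaml and the matching RoleBinding binds the agent ServiceAccount (`.Values.serviceAccounts.cilium.name`). The other secrets-namespace blocks visible in rolebinding.yaml gate on `.Values.agent`, `(not .Values.preflight.enabled)` and `.Values.serviceAccounts.cilium.create`; use the same guard here so the Role and its RoleBinding are always rendered together. The new Role also omits the commonLabels block that this patch adds to the Role at the top of the file.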
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml
index cfa8697b..01404e5f 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml
@@ -1,16 +1,21 @@
+{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}}
+
{{- if and .Values.agent (not .Values.preflight.enabled) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cilium-config-agent
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -18,7 +23,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end}}
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.name}}
@@ -41,7 +46,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.name}}
@@ -64,7 +69,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end}}
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.envoyConfig.enabled .Values.envoyConfig.secretsNamespace.name}}
@@ -87,7 +92,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end}}
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.bgpControlPlane.enabled .Values.bgpControlPlane.secretsNamespace.name}}
@@ -106,5 +111,24 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end}}
+
+{{- if and $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cilium-tlsinterception-secrets
+ namespace: {{ .Values.tls.secretsNamespace.name | quote }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cilium-tlsinterception-secrets
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.cilium.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
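Review bot: The subject namespace in the new cilium-tlsinterception-secrets RoleBinding is `{{ .Release.Namespace }}`, while every other subject in this file was just switched to `{{ include "cilium.namespace" . }}`. If the helper resolves to anything other than the release namespace, this binding names a ServiceAccount that does not exist there and the agent cannot read the TLS interception secrets. The guard also differs from the Role's (`and $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name` here, with operator conditions added on the Role), so the binding can render without its Role; align the two conditions and add the annotations and commonLabels blocks the other bindings carry.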
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml
index df97f5ca..ecccdbe9 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml
@@ -1,11 +1,11 @@
{{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}}
{{- if and .Values.agent (not .Values.preflight.enabled) .Values.prometheus.enabled }}
-{{- if .Values.prometheus.serviceMonitor.enabled }}
+{{- if (or .Values.prometheus.serviceMonitor.enabled .Values.prometheus.metricsService) }}
apiVersion: v1
kind: Service
metadata:
name: cilium-agent
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -14,6 +14,9 @@ metadata:
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
clusterIP: None
type: ClusterIP
@@ -35,7 +38,7 @@ apiVersion: v1
kind: Service
metadata:
name: cilium-agent
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: {{ .Values.envoy.prometheus.port | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml
index 2c2cf399..f0236fd3 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml
@@ -3,7 +3,11 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.cilium.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.serviceAccounts.cilium.annotations .Values.annotations }}
annotations:
{{- with .Values.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml
index c2ffa66c..09d11a5d 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml
@@ -4,9 +4,12 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: cilium-agent
- namespace: {{ .Values.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.prometheus.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -22,10 +25,10 @@ metadata:
spec:
selector:
matchLabels:
- k8s-app: cilium
+ app.kubernetes.io/name: cilium-agent
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
- port: metrics
interval: {{ .Values.prometheus.serviceMonitor.interval | quote }}
@@ -39,7 +42,11 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 4 }}
{{- end }}
- {{- if .Values.envoy.prometheus.serviceMonitor.enabled }}
+ # If envoy DaemonSet is enabled, we'll create a separate service for it
+ # If it is not enabled, that means envoy runs inside cilium-agent and we'll monitor using same service
+ {{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}}
+ {{- if and (not $envoyDS) (not .Values.preflight.enabled) .Values.envoy.prometheus.enabled .Values.envoy.prometheus.serviceMonitor.enabled }}
+ {{- if and .Values.envoy.enabled .Values.envoy.prometheus.serviceMonitor.enabled }}
- port: envoy-metrics
interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }}
honorLabels: true
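Review bot: The two added conditions in front of the envoy-metrics endpoint both test `.Values.envoy.prometheus.serviceMonitor.enabled`, and the inner `and .Values.envoy.enabled ...` sits inside an outer `not $envoyDS`. Fold them into a single `if` that tests each value once, and confirm that `.Values.envoy.enabled` together with `not $envoyDS` is actually reachable, otherwise this endpoint is never rendered. The two `#` lines are YAML comments and will appear in the rendered manifest; use a template comment (`{{- /* ... */ -}}`) if that is not intended.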
@@ -53,6 +60,7 @@ spec:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
+ {{- end }}
targetLabels:
- k8s-app
{{- if .Values.prometheus.serviceMonitor.jobLabel }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml
index 38522458..8282fbf8 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml
@@ -4,7 +4,12 @@ apiVersion: v1
kind: {{ .Values.tls.caBundle.useSecret | ternary "Secret" "ConfigMap" }}
metadata:
name: {{ .Values.tls.caBundle.name }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{ .Values.tls.caBundle.useSecret | ternary "stringData" "data" }}:
{{ .Values.tls.caBundle.key }}: |
{{- .Values.tls.caBundle.content | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml
index f2225b93..f5a6674d 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml
@@ -10,7 +10,11 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ .commonCASecretName }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
data:
ca.crt: {{ .commonCA.Cert | b64enc }}
ca.key: {{ .commonCA.Key | b64enc }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml
index 53946cab..aa461187 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml
@@ -16,6 +16,8 @@
{{- $defaultK8sClientBurst := 10 -}}
{{- $defaultDNSProxyEnableTransparentMode := "false" -}}
{{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}}
+{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}}
+{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}}
{{- /* Default values when 1.8 was initially deployed */ -}}
{{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}}
@@ -89,7 +91,11 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: cilium-config
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
data:
{{- if .Values.etcd.enabled }}
# The kvstore configuration is used to enable use of a kvstore for state
@@ -125,7 +131,8 @@ data:
{{- end }}
# Identity allocation mode selects how identities are shared between cilium
- # nodes by setting how they are stored. The options are "crd" or "kvstore".
+ # nodes by setting how they are stored. The options are "crd", "kvstore" or
+ # "doublewrite-readkvstore" / "doublewrite-readcrd".
# - "crd" stores identities in kubernetes as CRDs (custom resource definition).
# These can be queried with:
# kubectl get ciliumid
@@ -134,7 +141,11 @@ data:
# backend. Upgrades from these older cilium versions should continue using
# the kvstore by commenting out the identity-allocation-mode below, or
# setting it to "kvstore".
+ # - "doublewrite" modes store identities in both the kvstore and CRDs. This is useful
+ # for seamless migrations from the kvstore mode to the crd mode. Consult the
+ # documentation for more information on how to perform the migration.
identity-allocation-mode: {{ .Values.identityAllocationMode }}
+
identity-heartbeat-timeout: {{ include "validateDuration" .Values.operator.identityHeartbeatTimeout | quote }}
identity-gc-interval: {{ include "validateDuration" .Values.operator.identityGCInterval | quote }}
cilium-endpoint-gc-interval: {{ include "validateDuration" .Values.operator.endpointGCInterval | quote }}
@@ -278,6 +289,15 @@ data:
gateway-api-hostnetwork-nodelabelselector: {{ include "mapToString" .Values.gatewayAPI.hostNetwork.nodes.matchLabels | quote }}
{{- end }}
+{{- if and $readSecretsOnlyFromSecretsNamespace $secretSyncEnabled }}
+ enable-policy-secrets-sync: "true"
+{{- end }}
+
+{{- if $readSecretsOnlyFromSecretsNamespace }}
+ policy-secrets-only-from-secrets-namespace: "true"
+ policy-secrets-namespace: {{ .Values.tls.secretsNamespace.name | quote}}
+{{- end }}
+
{{- if hasKey .Values "loadBalancer" }}
{{- if eq .Values.loadBalancer.l7.backend "envoy" }}
loadbalancer-l7: "envoy"
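Review bot: The `{{- if $readSecretsOnlyFromSecretsNamespace }}` block writes `policy-secrets-namespace` from `.Values.tls.secretsNamespace.name` without checking that the name is set, whereas the Role and RoleBinding for that namespace are only rendered when the name is non-empty. With an empty name the agent is configured to read policy secrets only from an empty namespace and receives no RBAC for it. Add the name to the condition, or `fail` when it is missing.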
@@ -351,6 +371,13 @@ data:
+{{- if .Values.bpf.events.default.rateLimit }}
+ bpf-events-default-rate-limit: {{ .Values.bpf.events.default.rateLimit | quote }}
+{{- end }}
+{{- if .Values.bpf.events.default.burstLimit }}
+ bpf-events-default-burst-limit: {{ .Values.bpf.events.default.burstLimit | quote }}
+{{- end}}
+
{{- if .Values.bpf.mapDynamicSizeRatio }}
# Specifies the ratio (0.0-1.0] of total system memory to use for dynamic
# sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
@@ -398,6 +425,9 @@ data:
bpf-ct-global-any-max: {{ $bpfCtAnyMax | quote }}
{{- end }}
{{- end }}
+{{- if .Values.bpf.ctAccounting }}
+ bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting }}"
+{{- end }}
{{- if .Values.bpf.natMax }}
# bpf-nat-global-max specified the maximum number of entries in the
# BPF NAT table.
@@ -421,6 +451,15 @@ data:
{{- if hasKey .Values.bpf "lbExternalClusterIP" }}
bpf-lb-external-clusterip: {{ .Values.bpf.lbExternalClusterIP | quote }}
{{- end }}
+{{- if hasKey .Values.bpf "lbSourceRangeAllTypes" }}
+ bpf-lb-source-range-all-types: {{ .Values.bpf.lbSourceRangeAllTypes | quote }}
+{{- end }}
+{{- if hasKey .Values.bpf "lbAlgorithmAnnotation" }}
+ bpf-lb-algorithm-annotation: {{ .Values.bpf.lbAlgorithmAnnotation | quote }}
+{{- end }}
+{{- if hasKey .Values.bpf "lbModeAnnotation" }}
+ bpf-lb-mode-annotation: {{ .Values.bpf.lbModeAnnotation | quote }}
+{{- end }}
bpf-events-drop-enabled: {{ .Values.bpf.events.drop.enabled | quote }}
bpf-events-policy-verdict-enabled: {{ .Values.bpf.events.policyVerdict.enabled | quote }}
@@ -461,25 +500,15 @@ data:
{{- if ne (.Values.routingMode | default "native") "native" }}
{{- fail (printf "RoutingMode must be set to native when gke.enabled=true" )}}
{{- end }}
- routing-mode: "native"
enable-endpoint-routes: "true"
{{- else if .Values.aksbyocni.enabled }}
{{- if ne (.Values.routingMode | default "tunnel") "tunnel" }}
{{- fail (printf "RoutingMode must be set to tunnel when aksbyocni.enabled=true" )}}
{{- end }}
- routing-mode: "tunnel"
- tunnel-protocol: "vxlan"
-{{- else if .Values.routingMode }}
- routing-mode: {{ .Values.routingMode | quote }}
-{{- else }}
- # Default case
- routing-mode: "tunnel"
- tunnel-protocol: "vxlan"
{{- end }}
-{{- if .Values.tunnelProtocol }}
- tunnel-protocol: {{ .Values.tunnelProtocol | quote }}
-{{- end }}
+ routing-mode: {{ .Values.routingMode | default (ternary "native" "tunnel" .Values.gke.enabled) | quote }}
+ tunnel-protocol: {{ .Values.tunnelProtocol | default "vxlan" | quote }}
{{- if .Values.tunnelPort }}
tunnel-port: {{ .Values.tunnelPort | quote }}
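Review bot: `tunnel-protocol` is now rendered unconditionally with a "vxlan" default, including when routing-mode resolves to "native" (the gke branch and any explicit `routingMode: native`), where the old template emitted it only if `.Values.tunnelProtocol` was set. Confirm the agent ignores tunnel-protocol in native mode, or keep the line behind a check on the resolved routing mode. A short comment above the two new lines explaining the `ternary` default would also help the next reader.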
@@ -614,9 +643,6 @@ data:
enable-ipsec-encrypted-overlay: {{ .Values.encryption.ipsec.encryptedOverlay | quote }}
{{- else if eq .Values.encryption.type "wireguard" }}
enable-wireguard: {{ .Values.encryption.enabled | quote }}
- {{- if .Values.encryption.wireguard.userspaceFallback }}
- enable-wireguard-userspace-fallback: {{ .Values.encryption.wireguard.userspaceFallback | quote }}
- {{- end }}
{{- if .Values.encryption.wireguard.persistentKeepalive }}
wireguard-persistent-keepalive: {{ .Values.encryption.wireguard.persistentKeepalive | quote }}
{{- end }}
@@ -725,12 +751,12 @@ data:
{{- end }}
{{- if hasKey .Values "hostPort" }}
-{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }}
+{{- if eq $kubeProxyReplacement "partial" }}
enable-host-port: {{ .Values.hostPort.enabled | quote }}
{{- end }}
{{- end }}
{{- if hasKey .Values "externalIPs" }}
-{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }}
+{{- if eq $kubeProxyReplacement "partial" }}
enable-external-ips: {{ .Values.externalIPs.enabled | quote }}
{{- end }}
{{- end }}
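Review bot: Dropping `(eq $kubeProxyReplacement "false")` from both conditions means `enable-host-port` and `enable-external-ips` are no longer rendered when kubeProxyReplacement is "false", so `hostPort.enabled` and `externalIPs.enabled` are silently ignored in that mode. If that is intended, say so in the values documentation or upgrade notes; otherwise keep the "false" case.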
@@ -776,6 +802,13 @@ data:
{{- end }}
{{- if hasKey .Values.loadBalancer "serviceTopology" }}
enable-service-topology: {{ .Values.loadBalancer.serviceTopology | quote }}
+# {{- end }}
+
+{{- if hasKey .Values.loadBalancer "experimental" }}
+ enable-experimental-lb: {{ .Values.loadBalancer.experimental | quote }}
+{{- end }}
+{{- if hasKey .Values.loadBalancer "protocolDifferentiation" }}
+ bpf-lb-proto-diff: {{ .Values.loadBalancer.protocolDifferentiation.enabled | quote }}
{{- end }}
{{- end }}
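Review bot: The `# ` in front of `{{- end }}` after enable-service-topology does not disable the action: Helm still evaluates it, so it closes the serviceTopology `if` and leaves a stray `#` line in the rendered ConfigMap. The original `{{- end }}` near the bottom of the hunk now closes the protocolDifferentiation block instead, which balances but reads as a leftover. Drop the `#` and keep each `if` next to its own `end`.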
@@ -826,9 +859,13 @@ data:
{{- if and .Values.endpointRoutes .Values.endpointRoutes.enabled }}
enable-endpoint-routes: {{ .Values.endpointRoutes.enabled | quote }}
{{- end }}
+{{- if and .Values.ipam .Values.ipam.installUplinkRoutesForDelegatedIPAM }}
+ install-uplink-routes-for-delegated-ipam: {{ .Values.ipam.installUplinkRoutesForDelegatedIPAM | quote }}
+{{- end }}
{{- if hasKey .Values.k8sNetworkPolicy "enabled" }}
enable-k8s-networkpolicy: {{ .Values.k8sNetworkPolicy.enabled | quote }}
{{- end }}
+ enable-endpoint-lockdown-on-policy-overflow: {{ .Values.endpointLockdownOnMapOverflow | quote }}
{{- if .Values.cni.configMap }}
read-cni-conf: {{ .Values.cni.confFileMountPath }}/{{ .Values.cni.configMapKey }}
{{- if .Values.cni.customConf }}
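Review bot: `enable-endpoint-lockdown-on-policy-overflow` is rendered unconditionally, unlike the neighbouring keys, which are wrapped in `hasKey` or `if`. If the chart values carry no default for `.Values.endpointLockdownOnMapOverflow`, the key renders with an empty value. Guard it like the others or make sure a default exists, and add a comment on the naming: the value says MapOverflow while the agent option says policy-overflow.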
@@ -868,6 +905,9 @@ data:
{{- if hasKey .Values "healthChecking" }}
enable-health-checking: {{ .Values.healthChecking | quote }}
{{- end }}
+{{- if .Values.healthCheckICMPFailureThreshold }}
+ health-check-icmp-failure-threshold: {{ .Values.healthCheckICMPFailureThreshold | quote }}
+{{- end }}
{{- if .Values.wellKnownIdentities.enabled }}
enable-well-known-identities: "true"
{{- else }}
@@ -957,13 +997,17 @@ data:
{{- if .Values.hubble.export.static.enabled }}
hubble-export-file-path: {{ .Values.hubble.export.static.filePath | quote }}
hubble-export-fieldmask: {{ .Values.hubble.export.static.fieldMask | join " " | quote }}
- hubble-export-allowlist: {{ .Values.hubble.export.static.allowList | join "," | quote }}
- hubble-export-denylist: {{ .Values.hubble.export.static.denyList | join "," | quote }}
+ hubble-export-allowlist: {{ .Values.hubble.export.static.allowList | join " " | quote }}
+ hubble-export-denylist: {{ .Values.hubble.export.static.denyList | join " " | quote }}
{{- end }}
{{- if .Values.hubble.export.dynamic.enabled }}
hubble-flowlogs-config-path: /flowlog-config/flowlogs.yaml
{{- end }}
{{- end }}
+{{- if .Values.hubble.metrics.dynamic.enabled }}
+ hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml
+ hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}"
+{{- end }}
{{- if hasKey .Values.hubble "listenAddress" }}
# An additional address for Hubble server to listen to (e.g. ":4244").
hubble-listen-address: {{ .Values.hubble.listenAddress | quote }}
@@ -997,6 +1041,9 @@ data:
{{- else }}
ipam: {{ $ipam | quote }}
{{- end }}
+{{- if hasKey .Values.ipam "multiPoolPreAllocation" }}
+ ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation }}
+{{- end }}
{{- if .Values.ipam.ciliumNodeUpdateRate }}
ipam-cilium-node-update-rate: {{ include "validateDuration" .Values.ipam.ciliumNodeUpdateRate | quote }}
@@ -1048,6 +1095,8 @@ data:
enable-node-ipam: "true"
{{- end }}
+ default-lb-service-ipam: "{{ .Values.defaultLBServiceIPAM }}"
+
{{- if .Values.apiRateLimit }}
api-rate-limit: {{ .Values.apiRateLimit | quote }}
{{- end }}
@@ -1115,21 +1164,10 @@ data:
l2-pod-announcements-interface: {{ .Values.l2podAnnouncements.interface | quote }}
{{- end }}
-{{- if and .Values.bgp.enabled (and (not .Values.bgp.announce.loadbalancerIP) (not .Values.bgp.announce.podCIDR)) }}
- {{ fail "BGP was enabled, but no announcements were enabled. Please enable one or more announcements." }}
-{{- end }}
-
-{{- if and .Values.bgp.enabled .Values.bgp.announce.loadbalancerIP }}
- bgp-announce-lb-ip: {{ .Values.bgp.announce.loadbalancerIP | quote }}
-{{- end }}
-
-{{- if and .Values.bgp.enabled .Values.bgp.announce.podCIDR }}
- bgp-announce-pod-cidr: {{ .Values.bgp.announce.podCIDR | quote }}
-{{- end}}
-
{{- if .Values.bgpControlPlane.enabled }}
enable-bgp-control-plane: "true"
bgp-secrets-namespace: {{ .Values.bgpControlPlane.secretsNamespace.name | quote }}
+ enable-bgp-control-plane-status-report: {{ .Values.bgpControlPlane.statusReport.enabled | quote }}
{{- end }}
{{- if .Values.pmtuDiscovery.enabled }}
@@ -1162,6 +1200,9 @@ data:
{{- if .Values.ciliumEndpointSlice.rateLimits }}
ces-rate-limits: {{ .Values.ciliumEndpointSlice.rateLimits | toJson | quote }}
{{- end }}
+ {{- if .Values.ciliumEndpointSlice.sliceMode }}
+ ces-slice-mode: {{ .Values.ciliumEndpointSlice.sliceMode | quote }}
+ {{- end }}
{{- end }}
{{- if hasKey .Values "enableK8sTerminatingEndpoint" }}
@@ -1181,8 +1222,19 @@ data:
annotate-k8s-node: "true"
{{- end }}
- k8s-client-qps: {{ .Values.k8sClientRateLimit.qps | default $defaultK8sClientQPS | quote}}
- k8s-client-burst: {{ .Values.k8sClientRateLimit.burst | default $defaultK8sClientBurst | quote }}
+{{- with .Values.k8sClientRateLimit.qps }}
+ k8s-client-qps: {{ . | quote }}
+{{- end }}
+{{- with .Values.k8sClientRateLimit.burst }}
+ k8s-client-burst: {{ . | quote }}
+{{- end }}
+
+{{- with .Values.k8sClientRateLimit.operator.qps }}
+ operator-k8s-client-qps: {{ .| quote }}
+{{- end }}
+{{- with .Values.k8sClientRateLimit.operator.burst }}
+ operator-k8s-client-burst: {{ .| quote }}
+{{- end }}
{{- if and .Values.operator.setNodeTaints (not .Values.operator.removeNodeTaints) -}}
{{ fail "Cannot have operator.setNodeTaintsMaxNodes and not operator.removeNodeTaints = false" }}
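Review bot: Replacing `default $defaultK8sClientQPS` and `default $defaultK8sClientBurst` with `with` means k8s-client-qps and k8s-client-burst are no longer rendered when the values are unset, and an explicit 0 is skipped as well because `with` treats it as empty. `$defaultK8sClientBurst` is still declared at the top of this template; remove the default variables if nothing else uses them, or note where the defaults now live. Minor: `{{ .| quote }}` should be `{{ . | quote }}` to match the two lines above it.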
@@ -1277,6 +1329,8 @@ data:
proxy-max-requests-per-connection: {{ .Values.envoy.maxRequestsPerConnection | quote }}
proxy-max-connection-duration-seconds: {{ .Values.envoy.maxConnectionDurationSeconds | quote }}
proxy-idle-timeout-seconds: {{ .Values.envoy.idleTimeoutDurationSeconds | quote }}
+ proxy-max-concurrent-retries: {{ .Values.envoy.maxConcurrentRetries | quote }}
+ http-retry-count: {{ .Values.envoy.httpRetryCount | quote }}
external-envoy-proxy: {{ include "envoyDaemonSetEnabled" . | quote }}
envoy-base-id: {{ .Values.envoy.baseID | quote }}
@@ -1284,7 +1338,12 @@ data:
{{- if .Values.envoy.log.path }}
envoy-log: {{ .Values.envoy.log.path | quote }}
{{- end }}
-
+{{- if .Values.envoy.log.defaultLevel }}
+ envoy-default-log-level: {{ .Values.envoy.log.defaultLevel | quote }}
+{{- end }}
+{{- if .Values.envoy.log.accessLogBufferSize }}
+ envoy-access-log-buffer-size: {{ .Values.envoy.log.accessLogBufferSize | quote }}
+{{- end }}
envoy-keep-cap-netbindservice: {{ .Values.envoy.securityContext.capabilities.keepCapNetBindService | quote }}
{{- if hasKey .Values.clustermesh "maxConnectedClusters" }}
@@ -1295,6 +1354,13 @@ data:
nat-map-stats-entries: {{ .Values.nat.mapStatsEntries | quote }}
nat-map-stats-interval: {{ .Values.nat.mapStatsInterval | quote }}
+ enable-internal-traffic-policy: {{ .Values.enableInternalTrafficPolicy | quote }}
+ enable-lb-ipam: {{ .Values.enableLBIPAM | quote }}
+ enable-non-default-deny-policies: {{ .Values.enableNonDefaultDenyPolicies | quote }}
+
+{{- if hasKey .Values.daemon "enableSourceIPVerification" }}
+ enable-source-ip-verification: {{ .Values.daemon.enableSourceIPVerification | quote }}
+{{- end }}
# Extra config allows adding arbitrary properties to the cilium config.
# By putting it at the end of the ConfigMap, it's also possible to override existing properties.
@@ -1309,7 +1375,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: ip-masq-agent
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
data:
config: |-
{{ toJson .Values.ipMasqAgent.config | indent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml
new file mode 100644
index 00000000..3f85ecde
--- /dev/null
+++ b/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.hubble.metrics.dynamic.enabled .Values.hubble.metrics.dynamic.config.createConfigMap }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.hubble.metrics.dynamic.config.configMapName }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ dynamic-metrics.yaml: |
+ metrics:
+{{ .Values.hubble.metrics.dynamic.config.content | toYaml | indent 4 }}
+{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml
index 084077a4..b2639892 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml
@@ -6,7 +6,11 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: cilium-envoy-config
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.envoy.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml
index c62dea3d..5649796a 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml
@@ -5,7 +5,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cilium-envoy
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.envoy.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -15,6 +15,9 @@ metadata:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-envoy
name: cilium-envoy
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
selector:
matchLabels:
@@ -26,7 +29,7 @@ spec:
template:
metadata:
annotations:
- {{- if .Values.envoy.rollOutPods }}
+ {{- if and (.Values.envoy.rollOutPods) (not .Values.envoy.bootstrapConfigMap) }}
# ensure pods roll when configmap updates
cilium.io/cilium-envoy-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-envoy/configmap.yaml") . | sha256sum | quote }}
{{- end }}
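Review bot: With `.Values.envoy.bootstrapConfigMap` set, the checksum annotation is skipped, so `envoy.rollOutPods: true` silently has no effect and changes to the user-supplied ConfigMap will not roll the DaemonSet. Document that limitation next to both values.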
@@ -46,6 +49,9 @@ spec:
name: cilium-envoy
app.kubernetes.io/name: cilium-envoy
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.envoy.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -80,10 +86,11 @@ spec:
- '--log-level trace'
{{- else if and (.Values.debug.enabled) (hasKey .Values.debug "verbose") (.Values.debug.verbose) (has "flow" ( splitList " " .Values.debug.verbose )) }}
- '--log-level debug'
+ {{- else if .Values.envoy.log.defaultLevel }}
+ - '--log-level {{ .Values.envoy.log.defaultLevel }}'
{{- else }}
- '--log-level info'
{{- end }}
- - '--log-format {{ .Values.envoy.log.format }}'
{{- if .Values.envoy.log.path }}
- '--log-path {{ .Values.envoy.log.path }}'
{{- end }}
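Review bot: The `- '--log-format {{ .Values.envoy.log.format }}'` argument is removed with no replacement in this hunk, so `.Values.envoy.log.format` no longer reaches Envoy from this template; confirm it is applied elsewhere or retire the value. The new `--log-level {{ .Values.envoy.log.defaultLevel }}` branch interpolates the value into the argument string unvalidated; restrict it to the log levels Envoy accepts, for example in the values schema.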
@@ -235,7 +242,7 @@ spec:
type: DirectoryOrCreate
- name: envoy-config
configMap:
- name: cilium-envoy-config
+ name: {{ .Values.envoy.bootstrapConfigMap | default "cilium-envoy-config" | quote }}
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
items:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml
index a55202a5..6b982c28 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
kind: Service
metadata:
name: cilium-envoy
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- if or (not .Values.envoy.prometheus.serviceMonitor.enabled) .Values.envoy.annotations }}
annotations:
{{- if not .Values.envoy.prometheus.serviceMonitor.enabled }}
@@ -20,6 +20,9 @@ metadata:
app.kubernetes.io/name: cilium-envoy
app.kubernetes.io/part-of: cilium
io.cilium/app: proxy
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
clusterIP: None
type: ClusterIP
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml
index 710506e1..809f226b 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml
@@ -4,7 +4,11 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.envoy.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.serviceAccounts.envoy.annotations .Values.envoy.annotations }}
annotations:
{{- with .Values.envoy.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml
index ea7415c4..a46aeeb8 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml
@@ -5,10 +5,13 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: cilium-envoy
- namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-envoy
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.envoy.prometheus.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -27,7 +30,7 @@ spec:
k8s-app: cilium-envoy
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
- port: envoy-metrics
interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml
index 8a1341e4..7d86eb7f 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml
@@ -4,7 +4,11 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.hubble.export.dynamic.config.configMapName }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
data:
flowlogs.yaml: |
flowLogs:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml b/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml
index 30ab1719..50c4c13c 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml
@@ -4,6 +4,10 @@ apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: cilium
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
controllerName: io.cilium/gateway-controller
description: The default Cilium GatewayClass
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml
index 9243b377..35dd2d1f 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml
@@ -7,6 +7,10 @@ metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end}}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
controller: cilium.io/ingress-controller
{{- end}}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml
index eac13d76..8d806f21 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml
@@ -3,12 +3,16 @@ apiVersion: v1
kind: Service
metadata:
name: {{ .Values.ingressController.service.name }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
cilium.io/ingress: "true"
+ app.kubernetes.io/part-of: cilium
{{- if .Values.ingressController.service.labels }}
{{- toYaml .Values.ingressController.service.labels | nindent 4 }}
{{- end }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if .Values.ingressController.service.annotations }}
annotations:
{{- toYaml .Values.ingressController.service.annotations | nindent 4 }}
@@ -45,11 +49,14 @@ apiVersion: v1
kind: Endpoints
metadata:
name: {{ .Values.ingressController.service.name }}
- namespace: {{ .Release.Namespace }}
- {{- if .Values.ingressController.service.labels }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.ingressController.service.labels }}
{{- toYaml .Values.ingressController.service.labels | nindent 4 }}
- {{- end }}
+ {{- end }}
{{- if .Values.ingressController.service.annotations }}
annotations:
{{- toYaml .Values.ingressController.service.annotations | nindent 4 }}
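Review bot: in the Endpoints metadata, `labels:` is now emitted unconditionally, so when both `commonLabels` and `ingressController.service.labels` are unset the template renders a bare `labels:` key with a null value. The merge order also differs from the Service hunk above: here `commonLabels` comes before `service.labels`, there it comes after, so a key present in both maps is duplicated in a different order in the two objects. Suggest guarding `labels:` with `{{- if or .Values.commonLabels .Values.ingressController.service.labels }}` and using the same order in both objects.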
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml
index c92eabfa..add6ae5a 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml
@@ -4,7 +4,7 @@ kind: DaemonSet
apiVersion: apps/v1
metadata:
name: cilium-node-init
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.nodeinit.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -13,6 +13,9 @@ metadata:
app: cilium-node-init
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-node-init
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
selector:
matchLabels:
@@ -39,6 +42,9 @@ spec:
app: cilium-node-init
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-node-init
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.nodeinit.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml
index eb503ee9..e489edc3 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml
@@ -3,8 +3,12 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.nodeinit.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- if or .Values.serviceAccounts.nodeinit.annotations .Values.nodeinit.annotations }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
annotations:
{{- with .Values.nodeinit.annotations }}
{{- toYaml . | nindent 4 }}
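Review bot: the `commonLabels` block sits after `{{- if or .Values.serviceAccounts.nodeinit.annotations .Values.nodeinit.annotations }}`, so the node-init ServiceAccount only gets its `labels:` when at least one annotation value is set. The envoy, operator and preflight ServiceAccount hunks in this patch place the same block before the `if or ...` line; moving it up here, directly under `namespace:`, would make labels render independently of annotations.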
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl
index 0910de63..67ab34cb 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl
@@ -31,6 +31,7 @@ Return cilium operator image
{{- else -}}
{{- $cloud := include "cilium.operator.cloud" . }}
{{- $imageDigest := include "cilium.operator.imageDigestName" . }}
-{{- printf "%s-%s%s:%s%s" .Values.operator.image.repository $cloud .Values.operator.image.suffix .Values.operator.image.tag $imageDigest -}}
+{{- $tag := .Values.operator.image.tag | default "" | eq "" | ternary "" (printf ":%s" .Values.operator.image.tag) }}
+{{- printf "%s-%s%s%s%s" .Values.operator.image.repository $cloud .Values.operator.image.suffix $tag $imageDigest -}}
{{- end -}}
{{- end -}}
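Review bot: the new `$tag` line is dense and undocumented. A one-line template comment stating the intent (omit `:tag` when `operator.image.tag` is empty so a digest-only reference is valid) would help the next reader. It is also worth deciding what should happen when the tag is empty and `$imageDigest` is empty as well: the rendered reference then carries neither a tag nor a digest, which is an unpinned image, and a `fail` or `required` at that point would surface the misconfiguration at render time.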
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml
index 0d9a073c..dba1ca8b 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}}
{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -9,6 +10,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- ""
@@ -87,7 +91,7 @@ rules:
resources:
# to check apiserver connectivity
- namespaces
-{{- if or .Values.ingressController.enabled .Values.gatewayAPI.enabled }}
+{{- if or .Values.ingressController.enabled .Values.gatewayAPI.enabled .Values.bgpControlPlane.enabled $secretSyncEnabled }}
- secrets
{{- end }}
verbs:
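Review bot: the widened condition on `- secrets` extends the operator's cluster-scoped Secret access to two more cases, `bgpControlPlane.enabled` and `$secretSyncEnabled`. The verbs for this rule are outside the hunk, so please confirm they stay read-only. Since role.yaml in this same patch adds a namespaced Role in `tls.secretsNamespace.name` for the secret-sync case, it is worth stating in a template comment why the ClusterRole entry is also needed for `$secretSyncEnabled`, or scoping that case to the namespace if it is not.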
@@ -196,6 +200,13 @@ rules:
- watch
- delete
- patch
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumbgpclusterconfigs/status
+ - ciliumbgppeerconfigs/status
+ verbs:
+ - update
- apiGroups:
- apiextensions.k8s.io
resources:
@@ -242,6 +253,7 @@ rules:
- ciliumbgppeeringpolicies
- ciliumbgpclusterconfigs
- ciliumbgpnodeconfigoverrides
+ - ciliumbgppeerconfigs
verbs:
- get
- list
@@ -333,6 +345,13 @@ rules:
{{- end }}
{{- end }}
{{- if .Values.clustermesh.enableMCSAPISupport }}
+- apiGroups:
+ - multicluster.x-k8s.io
+ resources:
+ - serviceimports/status
+ verbs:
+ - update
+ - patch
- apiGroups:
- multicluster.x-k8s.io
resources:
@@ -341,6 +360,13 @@ rules:
- get
- list
- watch
+- apiGroups:
+ - multicluster.x-k8s.io
+ resources:
+ - serviceexports/status
+ verbs:
+ - update
+ - patch
- apiGroups:
- ""
resources:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml
index 1f32800b..a1bed2d0 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml
@@ -9,6 +9,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -16,5 +19,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.operator.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml
index c4b90a27..5b68b261 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml
@@ -7,11 +7,14 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $dashboardName | trunc 63 | trimSuffix "-" }}
- namespace: {{ $.Values.operator.dashboards.namespace | default $.Release.Namespace }}
+ namespace: {{ $.Values.operator.dashboards.namespace | default (include "cilium.namespace" $) }}
labels:
k8s-app: cilium
app.kubernetes.io/name: cilium-operator
app.kubernetes.io/part-of: cilium
+ {{- with $.Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if $.Values.operator.dashboards.label }}
{{ $.Values.operator.dashboards.label }}: {{ ternary $.Values.operator.dashboards.labelValue "1" (not (empty $.Values.operator.dashboards.labelValue)) | quote }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml
index 627a63ce..e0fe3115 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml
@@ -4,7 +4,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: cilium-operator
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.operator.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -14,6 +14,9 @@ metadata:
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
# See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go
# for more details.
@@ -57,6 +60,9 @@ spec:
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.operator.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -92,7 +98,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.clustermesh.enableEndpointSliceSynchronization }}
+ {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }}
- name: CILIUM_CLUSTERMESH_CONFIG
value: /var/lib/cilium/clustermesh/
{{- end }}
@@ -215,7 +221,7 @@ spec:
readOnly: true
{{- end }}
{{- end }}
- {{- if .Values.clustermesh.enableEndpointSliceSynchronization }}
+ {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }}
- name: clustermesh-secrets
mountPath: /var/lib/cilium/clustermesh
readOnly: true
@@ -238,11 +244,6 @@ spec:
mountPropagation: {{ .mountPropagation }}
{{- end }}
{{- end }}
- {{- if .Values.bgp.enabled }}
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- {{- end }}
{{- with .Values.operator.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -285,7 +286,7 @@ spec:
nodeSelector:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
- {{- if and .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.config.enabled (not (and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled )) }}
+ {{- if and (or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport) .Values.clustermesh.config.enabled (not (and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled )) }}
hostAliases:
{{- range $cluster := .Values.clustermesh.config.clusters }}
{{- range $ip := $cluster.ips }}
@@ -337,11 +338,6 @@ spec:
type: {{ .hostPathType }}
{{- end }}
{{- end }}
- {{- if .Values.bgp.enabled }}
- - name: bgp-config-path
- configMap:
- name: bgp-config
- {{- end }}
{{- if .Values.authentication.mutual.spire.enabled }}
- name: spire-agent-socket
hostPath:
@@ -351,7 +347,7 @@ spec:
{{- with .Values.operator.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- {{- if .Values.clustermesh.enableEndpointSliceSynchronization }}
+ {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }}
# To read the clustermesh configuration
- name: clustermesh-secrets
projected:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml
index 05b25104..74d29b43 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml
@@ -4,7 +4,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: cilium-operator
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.operator.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -14,6 +14,9 @@ metadata:
name: cilium-operator
app.kubernetes.io/name: cilium-operator
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
{{- with $component.maxUnavailable }}
maxUnavailable: {{ . }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml
index 20101b02..83d42480 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml
@@ -1,3 +1,5 @@
+{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}}
+
{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.sync .Values.ingressController.secretsNamespace.name }}
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -11,6 +13,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- ""
@@ -47,3 +52,28 @@ rules:
- update
- patch
{{- end }}
+
+{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $secretSyncEnabled .Values.tls.secretsNamespace.name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cilium-operator-tlsinterception-secrets
+ namespace: {{ .Values.tls.secretsNamespace.name | quote }}
+ {{- with .Values.operator.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - update
+ - patch
+{{- end }}
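Review bot: the new `cilium-operator-tlsinterception-secrets` Role sets only `app.kubernetes.io/part-of: cilium` under `labels:` and omits the `{{- with .Values.commonLabels }}` block that this patch adds to the ingress-secrets Role earlier in the same file. Suggest adding the same three lines after `app.kubernetes.io/part-of: cilium` so the new Role is selected by the same label queries. The rule grants create, delete, update and patch on Secrets in `tls.secretsNamespace.name`; a short comment naming the operator feature that needs write access would make the grant easier to audit.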
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml
index 8d8f73d8..8e866e59 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml
@@ -1,3 +1,5 @@
+{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}}
+
{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.sync .Values.ingressController.secretsNamespace.name }}
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -5,6 +7,10 @@ kind: RoleBinding
metadata:
name: cilium-operator-ingress-secrets
namespace: {{ .Values.ingressController.secretsNamespace.name | quote }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.operator.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -18,7 +24,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.operator.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.sync .Values.gatewayAPI.secretsNamespace.name }}
@@ -39,6 +45,29 @@ roleRef:
kind: Role
name: cilium-operator-gateway-secrets
subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.operator.name | quote }}
+ namespace: {{ include "cilium.namespace" . }}
+{{- end }}
+
+{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $secretSyncEnabled .Values.tls.secretsNamespace.name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cilium-operator-tlsinterception-secrets
+ namespace: {{ .Values.tls.secretsNamespace.name | quote }}
+ {{- with .Values.operator.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cilium-operator-tlsinterception-secrets
+subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.operator.name | quote }}
namespace: {{ .Release.Namespace }}
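Review bot: the subject of the new `cilium-operator-tlsinterception-secrets` RoleBinding ends up on the unchanged context line `namespace: {{ .Release.Namespace }}`, while every other subject touched in this file now uses `{{ include "cilium.namespace" . }}`. If `cilium.namespace` resolves to something other than the release namespace, this binding points at a ServiceAccount that does not exist there and the operator gets no access to the TLS secrets namespace. Suggest changing that last line to the `include` form as well. The new RoleBinding also lacks the `commonLabels` block that the ingress-secrets binding above receives.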
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml
index 31e917ec..4ac55d7a 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml
@@ -4,11 +4,15 @@ apiVersion: v1
kind: Secret
metadata:
name: cilium-azure
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.operator.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
type: Opaque
data:
AZURE_CLIENT_ID: {{ default "" .Values.azure.clientID | b64enc | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml
index 8c201099..da4c88c2 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml
@@ -1,9 +1,9 @@
-{{- if and .Values.operator.enabled .Values.operator.prometheus.enabled .Values.operator.prometheus.serviceMonitor.enabled }}
+{{- if and .Values.operator.enabled .Values.operator.prometheus.enabled (or .Values.operator.prometheus.serviceMonitor.enabled .Values.operator.prometheus.metricsService) }}
kind: Service
apiVersion: v1
metadata:
name: cilium-operator
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.operator.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -13,6 +13,9 @@ metadata:
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
clusterIP: None
type: ClusterIP
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml
index b083907e..e75a528d 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml
@@ -7,7 +7,11 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.operator.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.serviceAccounts.operator.annotations .Values.operator.annotations }}
annotations:
{{- with .Values.operator.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml
index 742993b8..c73b49da 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml
@@ -3,10 +3,13 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: cilium-operator
- namespace: {{ .Values.operator.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.operator.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.operator.prometheus.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -26,7 +29,7 @@ spec:
name: cilium-operator
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
- port: metrics
interval: {{ .Values.operator.prometheus.serviceMonitor.interval | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml
index bb9b686e..9a2c0615 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml
@@ -1,3 +1,5 @@
+{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}}
+
{{- if and .Values.preflight.enabled .Values.rbac.create }}
{{- /*
Keep file in sync with cilium-agent/clusterrole.yaml
@@ -12,6 +14,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- networking.k8s.io
@@ -82,7 +87,7 @@ rules:
# until we figure out how to avoid "get" inside the preflight, and then
# should be removed ideally.
- get
-{{- if eq "k8s" .Values.tls.secretsBackend }}
+{{- if $readSecretsOnlyFromSecretsNamespace }}
- apiGroups:
- ""
resources:
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml
index 5b60e519..93827895 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml
@@ -9,6 +9,9 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -16,5 +19,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.preflight.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml
index 51cfe1ae..0e793cfa 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml
@@ -3,8 +3,12 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cilium-pre-flight-check
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.preflight.annotations }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
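Review bot: the `{{- with .Values.commonLabels }}` block is nested inside `{{- with .Values.preflight.annotations }}`, where `.` has been rebound to the annotations value. `.Values.commonLabels` therefore no longer resolves against the chart root, and the block is not reached at all when `preflight.annotations` is unset. Suggest moving the three label lines above the `with .Values.preflight.annotations` line, directly under `namespace:`, as the preflight Deployment and ServiceAccount hunks do; switching to `$.Values.commonLabels` alone would fix the context but still tie labels to annotations being set.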
@@ -24,6 +28,9 @@ spec:
k8s-app: cilium-pre-flight-check
app.kubernetes.io/name: cilium-pre-flight-check
kubernetes.io/cluster-service: "true"
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.preflight.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -209,8 +216,8 @@ spec:
defaultMode: 0400
optional: true
{{- end }}
+ {{- end }}
{{- with .Values.preflight.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- {{- end }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml
index 32c169b4..26c7f063 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: cilium-pre-flight-check
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.preflight.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -11,6 +11,9 @@ metadata:
labels:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-pre-flight-check
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
selector:
matchLabels:
@@ -27,6 +30,9 @@ spec:
k8s-app: cilium-pre-flight-check-deployment
kubernetes.io/cluster-service: "true"
app.kubernetes.io/name: cilium-pre-flight-check
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.preflight.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml
index c00d9b89..be41a74c 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml
@@ -4,7 +4,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: cilium-pre-flight-check
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.preflight.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -14,6 +14,9 @@ metadata:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-pre-flight-check
kubernetes.io/cluster-service: "true"
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
{{- with $component.maxUnavailable }}
maxUnavailable: {{ . }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml
index b64a3296..dd5a6911 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml
@@ -3,7 +3,11 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.preflight.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.serviceAccounts.preflight.annotations .Values.preflight.annotations }}
annotations:
{{- with .Values.preflight.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml b/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml
index a9856967..5647652c 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml
@@ -1,10 +1,10 @@
-{{- if or .Values.resourceQuotas.enabled (and (ne .Release.Namespace "kube-system") .Values.gke.enabled) }}
+{{- if or .Values.resourceQuotas.enabled (and (ne (include "cilium.namespace" .) "kube-system") .Values.gke.enabled) }}
{{- if .Values.agent }}
apiVersion: v1
kind: ResourceQuota
metadata:
name: cilium-resource-quota
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
spec:
hard:
pods: {{ .Values.resourceQuotas.cilium.hard.pods | quote }}
@@ -21,7 +21,12 @@ apiVersion: v1
kind: ResourceQuota
metadata:
name: cilium-operator-resource-quota
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
hard:
pods: {{ .Values.resourceQuotas.operator.hard.pods | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml b/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml
index d99967fa..7be62461 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml
@@ -5,10 +5,19 @@
{{- end -}}
{{- end -}}
+{{- if and .Values.tls.secretsNamespace.create .Values.tls.secretsNamespace.name -}}
+{{- $_ := set $secretNamespaces .Values.tls.secretsNamespace.name 1 -}}
+{{- end -}}
+
{{- range $name, $_ := $secretNamespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $name | quote }}
+ labels:
+ app.kubernetes.io/part-of: cilium
+ {{- with $.Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- end}}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml
index 55d2505d..e7ebda95 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml
@@ -5,6 +5,9 @@ metadata:
name: clustermesh-apiserver
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -53,6 +56,7 @@ rules:
resources:
- customresourcedefinitions
verbs:
+ - get
- list
- watch
- apiGroups:
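Review bot: the added `get` on `customresourcedefinitions` is a cluster-wide grant with no `resourceNames`, and nothing in the hunk says which code path needs it. Add a short template comment naming the consumer. If only specific CRDs are read, put `get` in its own rule with `resourceNames` so the existing `list`/`watch` rule is untouched and the grant stays at the minimum the clustermesh-apiserver requires.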
@@ -73,4 +77,14 @@ rules:
- get
- list
- watch
+{{- if .Values.clustermesh.enableMCSAPISupport }}
+- apiGroups:
+ - multicluster.x-k8s.io
+ resources:
+ - serviceexports
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml
index 49b19097..ecd5fe31 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml
@@ -5,6 +5,9 @@ metadata:
name: clustermesh-apiserver
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -16,5 +19,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml
index 6caee283..9450ea43 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml
@@ -6,7 +6,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: clustermesh-apiserver
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -15,6 +15,9 @@ metadata:
k8s-app: clustermesh-apiserver
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: clustermesh-apiserver
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
replicas: {{ .Values.clustermesh.apiserver.replicas }}
selector:
@@ -34,6 +37,9 @@ spec:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: clustermesh-apiserver
k8s-app: clustermesh-apiserver
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.clustermesh.apiserver.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
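Review bot: in the pod template, `commonLabels` is rendered after the fixed `app.kubernetes.io/name` and `k8s-app` labels, so a `commonLabels` entry that reuses one of those keys produces a duplicate mapping key in the rendered manifest. Depending on how the duplicate is resolved, the pod labels can stop matching the Deployment's `selector`. Consider rendering `commonLabels` before the fixed labels so the fixed values win, or rejecting reserved keys with `fail`.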
@@ -192,6 +198,9 @@ spec:
- --prometheus-serve-addr=:{{ .Values.clustermesh.apiserver.metrics.port }}
- --controller-group-metrics=all
{{- end }}
+ {{- if .Values.clustermesh.enableMCSAPISupport }}
+ - --clustermesh-enable-mcs-api
+ {{- end }}
{{- with .Values.clustermesh.apiserver.extraArgs }}
{{- toYaml . | trim | nindent 8 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml
index 0781af1e..915b3165 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml
@@ -6,7 +6,7 @@ apiVersion: v1
kind: Service
metadata:
name: clustermesh-apiserver-metrics
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -16,6 +16,10 @@ metadata:
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: clustermesh-apiserver
app.kubernetes.io/component: metrics
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
clusterIP: None
type: ClusterIP
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml
index a5d30b7b..491b075d 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml
@@ -4,7 +4,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: clustermesh-apiserver
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -13,6 +13,10 @@ metadata:
k8s-app: clustermesh-apiserver
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: clustermesh-apiserver
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
{{- with $component.maxUnavailable }}
maxUnavailable: {{ . }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml
index 76c33ff1..fa7b193c 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml
@@ -3,11 +3,15 @@ apiVersion: v1
kind: Service
metadata:
name: clustermesh-apiserver
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: clustermesh-apiserver
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: clustermesh-apiserver
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.clustermesh.apiserver.service.annotations .Values.clustermesh.annotations }}
annotations:
{{- with .Values.clustermesh.annotations }}
@@ -32,6 +36,10 @@ spec:
{{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.clustermesh.apiserver.service.loadBalancerIP }}
{{- end }}
+ {{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml .Values.clustermesh.apiserver.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
{{- if .Values.clustermesh.apiserver.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.clustermesh.apiserver.service.externalTrafficPolicy }}
{{- end }}
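Review bot: `loadBalancerSourceRanges` is rendered only when the service type is `LoadBalancer` and the list is non-empty, so leaving the value unset still yields a load balancer with no source restriction in front of the clustermesh-apiserver. Document the new value next to `loadBalancerIP` in values.yaml and state that an empty list means unrestricted. A schema check that the entries are CIDRs would catch typos at render time.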
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml
index 0c8992ba..2df6aa87 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.serviceAccounts.clustermeshApiserver.annotations .Values.clustermesh.annotations }}
annotations:
{{- with .Values.clustermesh.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml
index 8ecf150b..800d79f7 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml
@@ -8,9 +8,12 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: clustermesh-apiserver
- namespace: {{ .Values.clustermesh.apiserver.metrics.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.clustermesh.apiserver.metrics.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.apiserver.metrics.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -30,7 +33,7 @@ spec:
app.kubernetes.io/component: metrics
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
{{- if .Values.clustermesh.apiserver.metrics.enabled }}
- port: apiserv-metrics
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml
index dbf313a5..974ebfa8 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clustermesh-apiserver-admin-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml
index f290fe8e..0b33c852 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clustermesh-apiserver-client-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml
index 8ec9fa53..d38e8195 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clustermesh-apiserver-local-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml
index 06bb8bd2..47cb29ff 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clustermesh-apiserver-remote-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml
index f7cfd7ad..8e94d1fe 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml
@@ -4,8 +4,12 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clustermesh-apiserver-server-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
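Review bot: the `commonLabels` block is inserted inside `{{- with .Values.clustermesh.annotations }}`, between that line and `annotations:`. Inside the outer `with`, `.` is the annotations map, so `.Values.commonLabels` does not resolve against the chart values, and when `clustermesh.annotations` is unset the labels are never rendered at all. The admin, client, local and remote certificate templates in this directory place the block before the `with`; move it up here the same way, directly after `namespace:`.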
@@ -17,7 +21,7 @@ spec:
dnsNames:
- clustermesh-apiserver.cilium.io
- "*.mesh.cilium.io"
- - "clustermesh-apiserver.{{ .Release.Namespace }}.svc"
+ - "clustermesh-apiserver.{{ include "cilium.namespace" . }}.svc"
{{- range $dns := .Values.clustermesh.apiserver.tls.server.extraDnsNames }}
- {{ $dns | quote }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl
index 52d859b1..a12d3256 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl
@@ -19,9 +19,9 @@ spec:
{{- if .Values.debug.enabled }}
- "--debug"
{{- end }}
- - "--ca-generate"
+ - "--ca-generate={{ .Values.certgen.generateCA }}"
- "--ca-reuse-secret"
- - "--ca-secret-namespace={{ .Release.Namespace }}"
+ - "--ca-secret-namespace={{ include "cilium.namespace" . }}"
- "--ca-secret-name=cilium-ca"
- "--ca-common-name=Cilium CA"
env:
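Review bot: `--ca-generate` changes from a bare flag that was always passed to `--ca-generate={{ .Values.certgen.generateCA }}`, so the result now depends on a value this hunk does not define. Make sure values.yaml ships `certgen.generateCA: true` so upgrades keep the old behaviour, and avoid `| default true` as a fallback because `default` treats an explicit `false` as empty. Since `--ca-reuse-secret` is still passed, also document what is expected when generation is disabled and the `cilium-ca` secret is absent.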
@@ -29,12 +29,12 @@ spec:
value: |
certs:
- name: clustermesh-apiserver-server-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: "clustermesh-apiserver.cilium.io"
hosts:
- "clustermesh-apiserver.cilium.io"
- "*.mesh.cilium.io"
- - "clustermesh-apiserver.{{ .Release.Namespace }}.svc"
+ - "clustermesh-apiserver.{{ include "cilium.namespace" . }}.svc"
{{- range $dns := .Values.clustermesh.apiserver.tls.server.extraDnsNames }}
- {{ $dns | quote }}
{{- end }}
@@ -49,7 +49,7 @@ spec:
- server auth
validity: {{ $certValidityStr }}
- name: clustermesh-apiserver-admin-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: {{ include "clustermesh-apiserver-generate-certs.admin-common-name" . | quote }}
usage:
- signing
@@ -58,7 +58,7 @@ spec:
validity: {{ $certValidityStr }}
{{- if .Values.clustermesh.useAPIServer }}
- name: clustermesh-apiserver-remote-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: {{ include "clustermesh-apiserver-generate-certs.remote-common-name" . | quote }}
usage:
- signing
@@ -68,7 +68,7 @@ spec:
{{- end }}
{{- if and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled }}
- name: clustermesh-apiserver-local-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: {{ include "clustermesh-apiserver-generate-certs.local-common-name" . | quote }}
usage:
- signing
@@ -78,7 +78,7 @@ spec:
{{- end }}
{{- if .Values.externalWorkloads.enabled }}
- name: clustermesh-apiserver-client-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: "externalworkload"
usage:
- signing
@@ -91,6 +91,13 @@ spec:
{{- toYaml . | nindent 10 }}
{{- end }}
hostNetwork: true
+ {{- with .Values.certgen.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.certgen.priorityClassName }}
+ priorityClassName: {{ .Values.certgen.priorityClassName }}
+ {{- end }}
{{- with .Values.certgen.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml
index 8c0e4cd5..4dfc8076 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml
@@ -3,7 +3,7 @@ apiVersion: batch/v1
kind: CronJob
metadata:
name: clustermesh-apiserver-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -11,6 +11,9 @@ metadata:
labels:
k8s-app: clustermesh-apiserver-generate-certs
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
schedule: {{ .Values.clustermesh.apiserver.tls.auto.schedule | quote }}
concurrencyPolicy: Forbid
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml
index b6dd5bf1..d27a3150 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml
@@ -4,9 +4,12 @@ apiVersion: batch/v1
kind: Job
metadata:
name: clustermesh-apiserver-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: clustermesh-apiserver-generate-certs
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
app.kubernetes.io/part-of: cilium
annotations:
"helm.sh/hook": post-install,post-upgrade
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml
index a3a9f089..e8e8b0ae 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml
@@ -3,13 +3,16 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: clustermesh-apiserver-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
rules:
- apiGroups:
- ""
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml
index 4e67e047..28f36797 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml
@@ -3,13 +3,16 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: clustermesh-apiserver-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -17,5 +20,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml
index 8dfaf52c..1a8c3ea1 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml
@@ -3,7 +3,11 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.serviceAccounts.clustermeshcertgen.annotations .Values.clustermesh.annotations }}
annotations:
{{- with .Values.serviceAccounts.clustermeshcertgen.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml
index 59b5b51c..a35f7cdc 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml
@@ -7,7 +7,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-admin-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml
index 85137111..220e9d3d 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml
@@ -7,7 +7,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-client-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml
index 716ab816..4efc252d 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml
@@ -7,7 +7,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-local-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml
index 7bfb1c5a..04175f7a 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml
@@ -7,7 +7,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-remote-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml
index f958f353..53c895fa 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml
@@ -2,14 +2,18 @@
{{- $_ := include "cilium.ca.setup" . -}}
{{- $cn := "clustermesh-apiserver.cilium.io" }}
{{- $ip := concat (list "127.0.0.1" "::1") .Values.clustermesh.apiserver.tls.server.extraIpAddresses }}
-{{- $dns := concat (list $cn "*.mesh.cilium.io" (printf "clustermesh-apiserver.%s.svc" .Release.Namespace)) .Values.clustermesh.apiserver.tls.server.extraDnsNames }}
+{{- $dns := concat (list $cn "*.mesh.cilium.io" (printf "clustermesh-apiserver.%s.svc" (include "cilium.namespace" .))) .Values.clustermesh.apiserver.tls.server.extraDnsNames }}
{{- $cert := genSignedCert $cn $ip $dns (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .commonCA -}}
---
apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-server-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml
index 68c45451..91955979 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-admin-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml
index f48d6604..92c977cc 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml
@@ -4,8 +4,12 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-client-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
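Review bot: the `labels:` block lands after `{{- with .Values.clustermesh.annotations }}` instead of before it, unlike the admin, remote and server secrets in `tls-provided`. Within that `with`, `.` is rebound to the annotations map, so `.Values.commonLabels` is evaluated against the wrong context, and the labels are skipped whenever no annotations are configured. Move the three `commonLabels` lines directly under `namespace:`, ahead of the `with`.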
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml
index 3e6f21f1..62173a1f 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-remote-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml
index 5af1b9bd..231178ca 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: v1
kind: Secret
metadata:
name: clustermesh-apiserver-server-cert
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml
index ab42ad06..56572bb2 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml
@@ -7,20 +7,20 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: clustermesh-remote-users
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
data:
users.yaml: |
users:
- {{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }}
- - name: remote-{{ .Values.cluster.name }}
- role: remote
- {{- end }}
{{- range .Values.clustermesh.config.clusters }}
- name: remote-{{ .name }}
role: remote
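Review bot: the `remote-{{ .Values.cluster.name }}` entry that was emitted when `kvstoremesh.enabled` is removed from `users.yaml` with no template comment saying which identity replaces it. Add a comment or an upgrade note naming the replacement, since a client that still authenticates as that user will no longer find it in the list after this change. The blank `+` line added between the labels block and `data:` can also be dropped.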
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl
index 5cd31486..3529f066 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl
@@ -3,7 +3,13 @@
{{- $domain := index . 1 -}}
{{- $override := index . 2 -}}
{{- /* The parenthesis around $cluster.tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}}
-{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (ne $override "") (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}}
+{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}}
+{{- /* KVStoreMesh is enabled, and we are generating the secret used by Cilium agents. */}}
+{{- /* In other words, we want to connect to KVStoreMesh, opposed to the etcd instance */}}
+{{- /* in the remote cluster; hence we need to use the dedicated certificate and key. */}}
+{{- if ne $override "" -}}
+{{- $prefix = "local-" -}}
+{{- end -}}
endpoints:
{{- if ne $override "" }}
@@ -13,8 +19,11 @@ endpoints:
{{- else }}
- https://{{ $cluster.address | required "missing clustermesh.apiserver.config.clusters.address" }}:{{ $cluster.port }}
{{- end }}
-{{- if not (empty ($cluster.tls).caCert) }}
-{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set */}}
+{{- if or (ne $override "") (not (empty ($cluster.tls).caCert)) }}
+{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set, */}}
+{{- /* otherwise we may enter this branch, but the prefix is still set to common-. */}}
+{{- /* Additionally, when KVStoreMesh is enabled, and we are generating the secret for the agents, */}}
+{{- /* we want to always use the corresponding CA certificate, that is the one with local- prefix. */}}
trusted-ca-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client-ca.crt
{{- else }}
trusted-ca-file: /var/lib/cilium/clustermesh/common-etcd-client-ca.crt
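Review bot: The rewritten `if or (ne $override "") (not (empty ($cluster.tls).caCert))` still lets a cluster that sets `tls.caCert` without `tls.cert` and `tls.key` fall through to `common-etcd-client-ca.crt`, as the added comment admits ("the prefix is still set to common-"). For a trust anchor, silently dropping a user-supplied CA is a surprising fallback. Consider failing the render for that combination, or at least documenting it next to the value, rather than only in a template comment.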
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml
index 78ddecd9..7f4f14b2 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml
@@ -4,14 +4,19 @@ apiVersion: v1
kind: Secret
metadata:
name: cilium-clustermesh
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
data:
{{- $kvstoremesh := and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled }}
- {{- $override := ternary (printf "https://clustermesh-apiserver.%s.svc:2379" .Release.Namespace) "" $kvstoremesh }}
+ {{- $override := ternary (printf "https://clustermesh-apiserver.%s.svc:2379" (include "cilium.namespace" .)) "" $kvstoremesh }}
{{- range .Values.clustermesh.config.clusters }}
{{ .name }}: {{ include "clustermesh-config-generate-etcd-cfg" (list . $.Values.clustermesh.config.domain $override) | b64enc }}
{{- /* The parenthesis around .tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}}
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml
index 91ae0320..e9b554ac 100644
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml
@@ -4,7 +4,12 @@ apiVersion: v1
kind: Secret
metadata:
name: cilium-kvstoremesh
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.clustermesh.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
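Review bot: The `commonLabels` block here is placed before `annotations:` and is followed by an added empty line, while the same block in clustermesh-secret.yaml is placed after `annotations:`. Keep one ordering across the chart and drop the empty `+` line inside `metadata:`, since it only adds rendering noise and makes later diffs against upstream harder to read.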
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml
index 81b4198c..26b6219a 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml
@@ -8,7 +8,12 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: hubble-relay-config
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.relay.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -16,7 +21,7 @@ metadata:
data:
config.yaml: |
cluster-name: {{ .Values.cluster.name }}
- peer-service: "hubble-peer.{{ .Release.Namespace }}.svc.{{ .Values.hubble.peerService.clusterDomain }}.:{{ $peerSvcPort }}"
+ peer-service: "hubble-peer.{{ include "cilium.namespace" . }}.svc.{{ .Values.hubble.peerService.clusterDomain }}.:{{ $peerSvcPort }}"
listen-address: {{ include "hubble-relay.config.listenAddress" . }}
gops: {{ .Values.hubble.relay.gops.enabled }}
gops-port: {{ .Values.hubble.relay.gops.port | quote }}
@@ -28,7 +33,6 @@ data:
{{- if .Values.hubble.relay.prometheus.enabled }}
metrics-listen-address: ":{{ .Values.hubble.relay.prometheus.port }}"
{{- end }}
- dial-timeout: {{ .Values.hubble.relay.dialTimeout }}
retry-timeout: {{ .Values.hubble.relay.retryTimeout }}
sort-buffer-len-max: {{ .Values.hubble.relay.sortBufferLenMax }}
sort-buffer-drain-timeout: {{ .Values.hubble.relay.sortBufferDrainTimeout }}
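Review bot: The removed `dial-timeout: {{ .Values.hubble.relay.dialTimeout }}` line means an existing `hubble.relay.dialTimeout` override is now ignored without any warning. Mention the removal in the upgrade notes, and check that the value is also removed from values.yaml and its documentation so operators do not keep setting a key that has no effect.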
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml
index 30d8d062..e7805c23 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: hubble-relay
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.relay.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -12,6 +12,10 @@ metadata:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
replicas: {{ .Values.hubble.relay.replicas }}
selector:
@@ -39,6 +43,9 @@ spec:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.hubble.relay.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml
index 1066c6c4..928d45cf 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml
@@ -4,13 +4,18 @@ kind: Service
apiVersion: v1
metadata:
name: hubble-relay-metrics
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
{{- with .Values.hubble.relay.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
k8s-app: hubble-relay
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
clusterIP: None
type: ClusterIP
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml
index 6162cb81..b44cecfa 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml
@@ -4,7 +4,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: hubble-relay
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.relay.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -13,6 +13,10 @@ metadata:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
{{- with $component.maxUnavailable }}
maxUnavailable: {{ . }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml
index 27a95519..db00b473 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml
@@ -3,7 +3,7 @@ kind: Service
apiVersion: v1
metadata:
name: hubble-relay
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
annotations:
{{- with .Values.hubble.relay.annotations }}
{{- toYaml . | nindent 4 }}
@@ -16,6 +16,10 @@ metadata:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
type: {{ .Values.hubble.relay.service.type | quote }}
selector:
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml
index 081b896e..25d36ba4 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.relay.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.serviceAccounts.relay.annotations .Values.hubble.relay.annotations }}
annotations:
{{- with .Values.hubble.relay.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml
index 4e41fdf3..b6b1733c 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml
@@ -3,8 +3,12 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: hubble-relay
- namespace: {{ .Values.hubble.relay.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.hubble.relay.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.relay.prometheus.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
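Review bot: Under `labels:` the new `commonLabels` block and the existing `hubble.relay.prometheus.serviceMonitor.labels` block are both rendered with `toYaml`, so a key present in both produces a duplicate mapping key in the manifest. Merge the two maps before rendering, with the more specific map taking precedence, or document that the keys must not overlap. The empty `+` line between the two blocks can go as well.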
@@ -23,7 +27,7 @@ spec:
k8s-app: hubble-relay
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
- port: metrics
interval: {{ .Values.hubble.relay.prometheus.serviceMonitor.interval | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml
index 7efa4824..b8607bd9 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml
@@ -9,6 +9,10 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
rules:
- apiGroups:
- networking.k8s.io
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml
index e25aeb17..55ee9ecc 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml
@@ -9,6 +9,10 @@ metadata:
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -16,5 +20,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.ui.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml
index 8b5f0141..63a3da6c 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml
@@ -4,7 +4,12 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: hubble-ui-nginx
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.ui.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml
index 66f3b088..c3b3dc5a 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
apiVersion: apps/v1
metadata:
name: hubble-ui
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.ui.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -12,6 +12,13 @@ metadata:
k8s-app: hubble-ui
app.kubernetes.io/name: hubble-ui
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.hubble.ui.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
replicas: {{ .Values.hubble.ui.replicas }}
selector:
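Review bot: Besides `commonLabels`, this hunk introduces a second value, `.Values.hubble.ui.labels`, that the other templates in this change do not have and that is applied only to the Deployment's own metadata. Confirm it is declared and documented in values.yaml, and note that a key shared between `commonLabels` and `hubble.ui.labels` would be emitted twice under `labels:`.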
@@ -35,6 +42,9 @@ spec:
k8s-app: hubble-ui
app.kubernetes.io/name: hubble-ui
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.hubble.ui.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml
index 348e281d..ab85ef5f 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml
@@ -4,11 +4,15 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hubble-ui
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: hubble-ui
app.kubernetes.io/name: hubble-ui
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.ui.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml
index c23e3ad0..35402984 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml
@@ -4,7 +4,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: hubble-ui
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.ui.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -13,6 +13,10 @@ metadata:
k8s-app: hubble-ui
app.kubernetes.io/name: hubble-ui
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
{{- with $component.maxUnavailable }}
maxUnavailable: {{ . }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml
index a820b342..90b3b1b7 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml
@@ -3,8 +3,9 @@ kind: Service
apiVersion: v1
metadata:
name: hubble-ui
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- if or .Values.hubble.ui.service.annotations .Values.hubble.ui.annotations }}
+
annotations:
{{- with .Values.hubble.ui.annotations }}
{{- toYaml . | nindent 4 }}
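Review bot: The empty `+` line added directly after `{{- if or .Values.hubble.ui.service.annotations .Values.hubble.ui.annotations }}` sits inside the conditional and has no function. It looks like a leftover from inserting a label block elsewhere; please remove it so that the template stays identical to its neighbours apart from the namespace change.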
@@ -17,6 +18,10 @@ metadata:
k8s-app: hubble-ui
app.kubernetes.io/name: hubble-ui
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
type: {{ .Values.hubble.ui.service.type | quote }}
selector:
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml
index dc02ea2b..ac3d13ee 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.ui.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.serviceAccounts.ui.annotations .Values.hubble.ui.annotations }}
annotations:
{{- with .Values.hubble.ui.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml
index c668ebfd..2862a84d 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml
@@ -7,11 +7,16 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $dashboardName | trunc 63 | trimSuffix "-" }}
- namespace: {{ $.Values.hubble.metrics.dashboards.namespace | default $.Release.Namespace }}
+ namespace: {{ $.Values.hubble.metrics.dashboards.namespace | default (include "cilium.namespace" $) }}
labels:
k8s-app: hubble
app.kubernetes.io/name: hubble
app.kubernetes.io/part-of: cilium
+
+ {{- with $.Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if $.Values.hubble.metrics.dashboards.label }}
{{ $.Values.hubble.metrics.dashboards.label }}: {{ ternary $.Values.hubble.metrics.dashboards.labelValue "1" (not (empty $.Values.hubble.metrics.dashboards.labelValue)) | quote }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml
index ab5cfbab..c2488990 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml
@@ -1,13 +1,17 @@
-{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled }}
+{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: hubble-metrics
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: hubble
app.kubernetes.io/name: hubble
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
annotations:
{{- with .Values.hubble.annotations }}
{{- toYaml . | nindent 4 }}
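Review bot: The guard on the first line now also renders this Service when only `.Values.hubble.metrics.dynamic.enabled` is set, but the certificate entry for `hubble-metrics-server-certs` in tls-cronjob/_job-spec.tpl is still gated on `.Values.hubble.metrics.enabled` together with `.Values.hubble.metrics.tls.enabled`. If dynamic metrics are meant to be served over TLS, that condition and any other template keyed on `hubble.metrics.enabled` need the same `or`; otherwise say in a comment that TLS is not supported in dynamic mode.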
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml
index aec3f889..60aab5ae 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: hubble-peer
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -12,6 +12,10 @@ metadata:
k8s-app: cilium
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: hubble-peer
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
spec:
selector:
k8s-app: cilium
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml
index d1c3c3e5..1f4eccd5 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml
@@ -3,9 +3,14 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: hubble
- namespace: {{ .Values.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
+ namespace: {{ .Values.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }}
labels:
app.kubernetes.io/part-of: cilium
+
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.metrics.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -24,7 +29,7 @@ spec:
k8s-app: hubble
namespaceSelector:
matchNames:
- - {{ .Release.Namespace }}
+ - {{ include "cilium.namespace" . }}
endpoints:
- port: hubble-metrics
interval: {{ .Values.hubble.metrics.serviceMonitor.interval | quote }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml
index d4e263f1..36c47707 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml
@@ -5,7 +5,12 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: hubble-metrics-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml
index 373d6c54..7850b5ab 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: hubble-relay-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml
index c33b912b..2b3eb778 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: hubble-relay-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml
index b34f27c5..394c221a 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml
@@ -5,7 +5,12 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: hubble-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml
index 64ace187..0111834b 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: hubble-ui-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl
index 7f47f21d..2b37bdc0 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl
@@ -30,9 +30,9 @@ spec:
{{- if .Values.debug.enabled }}
- "--debug"
{{- end }}
- - "--ca-generate"
+ - "--ca-generate={{ .Values.certgen.generateCA }}"
- "--ca-reuse-secret"
- - "--ca-secret-namespace={{ .Release.Namespace }}"
+ - "--ca-secret-namespace={{ include "cilium.namespace" . }}"
- "--ca-secret-name=cilium-ca"
- "--ca-common-name=Cilium CA"
env:
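Review bot: The new argument `--ca-generate={{ .Values.certgen.generateCA }}` renders as `--ca-generate=` when `certgen.generateCA` is not set, which changes behaviour compared with the bare `--ca-generate` flag it replaces. Make sure values.yaml ships an explicit default for this key. Do not use `| default true` here, because `default` treats `false` as empty and would make it impossible to turn CA generation off.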
@@ -40,7 +40,7 @@ spec:
value: |
certs:
- name: hubble-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: {{ list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." | quote }}
hosts:
- {{ list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." | quote }}
@@ -58,7 +58,7 @@ spec:
validity: {{ $certValidityStr }}
{{- if .Values.hubble.relay.enabled }}
- name: hubble-relay-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: "*.hubble-relay.cilium.io"
hosts:
- "*.hubble-relay.cilium.io"
@@ -70,7 +70,7 @@ spec:
{{- end }}
{{- if and .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }}
- name: hubble-relay-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: "*.hubble-relay.cilium.io"
hosts:
- "*.hubble-relay.cilium.io"
@@ -88,7 +88,7 @@ spec:
{{- end }}
{{- if and .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }}
- name: hubble-metrics-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: {{ list (.Values.cluster.name | replace "." "-") "hubble-metrics.cilium.io" | join "." }} | quote }}
hosts:
- {{ list (.Values.cluster.name | replace "." "-") "hubble-metrics.cilium.io" | join "." }} | quote }}
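Review bot: The unchanged `commonName:` and `hosts:` lines in this hunk end in `| join "." }} | quote }}`, so the template action closes at the first `}}` and the text ` | quote }}` is emitted literally into the certgen config. That would put a malformed name into the hubble-metrics server certificate. Since this block is being touched anyway, move `| quote` inside the action, as the `hubble-server-certs` entry above already does.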
@@ -106,7 +106,7 @@ spec:
{{- end }}
{{- if and .Values.hubble.ui.enabled .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }}
- name: hubble-ui-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
commonName: "*.hubble-ui.cilium.io"
hosts:
- "*.hubble-ui.cilium.io"
@@ -116,11 +116,19 @@ spec:
- client auth
validity: {{ $certValidityStr }}
{{- end }}
+ {{- include "certgen.config.extra" . | nindent 12 }}
{{- with .Values.certgen.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
hostNetwork: false
+ {{- with .Values.certgen.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.certgen.priorityClassName }}
+ priorityClassName: {{ .Values.certgen.priorityClassName }}
+ {{- end }}
{{- with .Values.certgen.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
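Review bot: The added `{{- include "certgen.config.extra" . | nindent 12 }}` makes rendering fail if the named template is not defined, and its definition is not part of this hunk. Confirm it is defined unconditionally and that it renders cleanly when it has nothing to add, because the output lands inside the `certs:` block scalar. Separately, `priorityClassName` is emitted unquoted under an `if`, while the neighbouring fields use `with`; using `with` and `| quote` would be consistent with the rest of the file.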
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml
index 7d9f7174..697806c6 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml
@@ -3,11 +3,15 @@ apiVersion: batch/v1
kind: CronJob
metadata:
name: hubble-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: hubble-generate-certs
app.kubernetes.io/name: hubble-generate-certs
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.certgen.annotations.cronJob .Values.hubble.annotations }}
annotations:
{{- with .Values.hubble.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml
index 9831fdc6..5e4e67ff 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml
@@ -4,11 +4,14 @@ apiVersion: batch/v1
kind: Job
metadata:
name: hubble-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
labels:
k8s-app: hubble-generate-certs
app.kubernetes.io/name: hubble-generate-certs
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
annotations:
"helm.sh/hook": post-install,post-upgrade
{{- with .Values.certgen.annotations.job }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml
index 07a38b08..9cd40721 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml
@@ -3,13 +3,17 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: hubble-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
rules:
- apiGroups:
- ""
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml
index fa56e469..4c3a88a3 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml
@@ -3,13 +3,17 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: hubble-generate-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/part-of: cilium
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -17,5 +21,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
{{- end }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml
index 62a8de80..2324eb52 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- if or .Values.serviceAccounts.hubblecertgen.annotations .Values.hubble.annotations }}
annotations:
{{- with .Values.hubble.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml
index e4e4a8b8..0cc13efa 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml
@@ -9,7 +9,12 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-metrics-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
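Review bot: nothing in this hunk guarantees that the pods mounting `hubble-metrics-server-certs` follow the Secret into the namespace returned by `cilium.namespace`, and a pod can only mount Secrets from its own namespace. Check that every consumer of this Secret resolves its namespace through the same helper, and add an upgrade note that setting the override on an existing release relocates the TLS Secret.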
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml
index f266d9a0..f6ba3279 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml
@@ -8,7 +8,12 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-relay-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml
index 4a3e3ad1..986b3cac 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml
@@ -9,7 +9,12 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-relay-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml
index 0f9b3343..a159240d 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml
@@ -9,7 +9,12 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml
index ea5e6926..e1f62ead 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml
@@ -8,7 +8,13 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-ui-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
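Review bot: style nit on the added empty line between `namespace:` and `{{- with .Values.commonLabels }}`: the sibling templates (for example `relay-server-secret.yaml`) place the `with` directly under `namespace:`. The `{{-` trims the gap at render time, so output is unaffected, but keeping the Secret templates identical makes them easier to compare.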
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml
index d902ae9b..8137aef3 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml
@@ -3,7 +3,13 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-metrics-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml
index 28b540db..3030b2c7 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml
@@ -3,7 +3,13 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-relay-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml
index 187c781b..18aafb0e 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml
@@ -3,7 +3,13 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-relay-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml
index 9991f0c9..e5ddfa16 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-server-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml
index 6f0b45e2..ebaca8f7 100644
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml
+++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml
@@ -3,7 +3,13 @@ apiVersion: v1
kind: Secret
metadata:
name: hubble-ui-client-certs
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "cilium.namespace" . }}
+
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.hubble.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml
index 29300840..ec0c466a 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml
@@ -3,6 +3,11 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml
index 02265a94..eb33c995 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml
@@ -4,6 +4,11 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml
index 7d365ba6..2bd63bf8 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml
@@ -4,6 +4,11 @@ kind: ConfigMap
metadata:
name: spire-agent
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml
index d8c80d9e..cac60877 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml
@@ -15,6 +15,9 @@ metadata:
{{- end }}
labels:
app: spire-agent
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.install.agent.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
@@ -27,6 +30,9 @@ spec:
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
labels:
app: spire-agent
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.install.agent.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
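Review bot: putting `commonLabels` into the pod template labels (the `nindent 8` block) means any later change to `commonLabels` alters the pod template and rolls every spire-agent pod, which the object-level labels in the previous hunk would not do. If the labels are only meant for inventory of the chart's objects, leave the pod template out; otherwise state the rollout side effect in the `commonLabels` description.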
@@ -35,6 +41,7 @@ spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }}
+ priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.authentication.mutual.spire.install.agent.priorityClassName "system-node-critical") }}
{{- with .Values.authentication.mutual.spire.install.agent.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
@@ -81,6 +88,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.hostIP
+ {{- with .Values.authentication.mutual.spire.install.agent.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 12 }}
+ {{- end }}
livenessProbe:
httpGet:
path: /live
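Review bot: `resources:` is emitted only when `agent.resources` is set, so unless values.yaml ships a default (not visible here) the container runs without requests or limits, while the same pod spec uses `hostNetwork: true` and a `system-node-critical` fallback priority. Consider a small default request so the agent is not scheduled as best-effort on every node.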
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml
index 95f7e431..3abf0059 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml
@@ -4,6 +4,10 @@ kind: ServiceAccount
metadata:
name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }}
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml
index 389b8d58..c24b1630 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml
@@ -4,6 +4,10 @@ kind: ConfigMap
metadata:
name: spire-bundle
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml b/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml
index ccd38680..db203d79 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml
@@ -3,6 +3,10 @@ apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml
index f6d98545..fb84b7cf 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml
@@ -4,6 +4,10 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml
index 750b07ac..fd5242ca 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml
@@ -3,6 +3,10 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml
index d7347595..5deb8128 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml
@@ -3,6 +3,10 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: spire-server
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
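Review bot: style point: the `labels:` block is inserted between `name:` and `namespace:` here, while the agent ConfigMap and the other spire templates in this patch add it after `namespace:`. Rendering is the same; move it below `namespace:` so the templates stay uniform.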
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml
index 2d38fe14..1cb70be1 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml
@@ -4,6 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml
index 497bd60c..a8d9af94 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml
@@ -4,6 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml
index 32288a44..376bb628 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml
@@ -4,6 +4,10 @@ kind: Service
metadata:
name: spire-server
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.authentication.mutual.spire.install.server.service.annotations .Values.authentication.mutual.spire.annotations }}
annotations:
{{- with .Values.authentication.mutual.spire.annotations }}
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml
index cd365c89..2a62e6e1 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml
@@ -3,6 +3,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
{{- with .Values.authentication.mutual.spire.annotations }}
annotations:
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml
index a47cbf5f..b515eadf 100644
--- a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml
@@ -4,6 +4,10 @@ kind: StatefulSet
metadata:
name: spire-server
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
+ {{- with .Values.commonLabels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- if or .Values.authentication.mutual.spire.install.server.annotations .Values.authentication.mutual.spire.annotations }}
annotations:
{{- with .Values.authentication.mutual.spire.annotations }}
@@ -28,10 +32,14 @@ spec:
metadata:
labels:
app: spire-server
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.authentication.mutual.spire.install.server.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
+ priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.authentication.mutual.spire.install.server.priorityClassName "system-node-critical") }}
serviceAccountName: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
shareProcessNamespace: true
{{- with .Values.authentication.mutual.spire.install.server.podSecurityContext }}
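Review bot: the fallback passed to `cilium.priorityClass` for the spire-server StatefulSet is `system-node-critical`, the same value given to the per-node agent DaemonSet. For a workload that is not per-node, `system-cluster-critical` would normally be the expected default; confirm the node-critical fallback is intended and note it next to `server.priorityClassName` in values.yaml.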
@@ -65,6 +73,10 @@ spec:
args:
- -config
- /run/spire/config/server.conf
+ {{- with .Values.authentication.mutual.spire.install.server.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 10 }}
+ {{- end }}
ports:
- name: grpc
containerPort: 8081
diff --git a/packages/system/cilium/charts/cilium/templates/validate.yaml b/packages/system/cilium/charts/cilium/templates/validate.yaml
index ac774d80..37da6cd6 100644
--- a/packages/system/cilium/charts/cilium/templates/validate.yaml
+++ b/packages/system/cilium/charts/cilium/templates/validate.yaml
@@ -139,18 +139,17 @@
{{- if eq .Values.cluster.name "" }}
{{ fail "The cluster name is invalid: cannot be empty" }}
{{- end }}
-{{- if semverCompare ">=1.16" (default "1.16" .Values.upgradeCompatibility) }}
{{- if gt (len .Values.cluster.name) 32 }}
- {{ fail "The cluster name is invalid: must not be more than 32 characters. Configure 'upgradeCompatibility' to 1.15 or earlier to temporarily skip this check at your own risk" }}
+ {{ fail "The cluster name is invalid: must not be more than 32 characters" }}
{{- end }}
{{- if not (regexMatch "^([a-z0-9][-a-z0-9]*)?[a-z0-9]$" .Values.cluster.name) }}
- {{ fail "The cluster name is invalid: must consist of lower case alphanumeric characters and '-', and must start and end with an alphanumeric character. Configure 'upgradeCompatibility' to 1.15 or earlier to temporarily skip this check at your own risk" }}
-{{- end }}
+ {{ fail "The cluster name is invalid: must consist of lower case alphanumeric characters and '-', and must start and end with an alphanumeric character" }}
{{- end }}
{{- if and (eq .Values.cluster.name "default") (ne (int .Values.cluster.id) 0) }}
{{ fail "The cluster name is invalid: cannot use default value with cluster.id != 0" }}
{{- end }}
{{ if and
+ (ne (index .Values.extraConfig "allow-unsafe-policy-skb-usage") "true")
(or (and (ge (int .Values.cluster.id) 128) (le (int .Values.cluster.id) 255)) (and (ge (int .Values.cluster.id) 384) (le (int .Values.cluster.id) 511)))
(or .Values.eni.enabled .Values.alibabacloud.enabled (eq .Values.cni.chainingMode "aws-cni")) -}}
{{ fail "Cilium is currently affected by a bug that causes traffic matched by network policies to be incorrectly dropped when running in either ENI mode (both AWS and AlibabaCloud) or AWS VPC CNI chaining mode, if the cluster ID is 128-255 (and 384-511 when maxConnectedClusters=511). Please refer to https://github.com/cilium/cilium/issues/21330 for additional details." }}
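Review bot: with the `upgradeCompatibility` guard removed, the 32-character and character-set checks on `cluster.name` now run unconditionally, so a release that previously set `upgradeCompatibility` to skip them fails at render time with no escape hatch; this needs an upgrade note. Separately, the new `allow-unsafe-policy-skb-usage` bypass is compared against the string "true" and is not mentioned in the fail message below it, so a user who hits the check cannot discover it and an unquoted YAML boolean in `extraConfig` will not match. Document the key and the quoting requirement, or state in a template comment that the bypass is deliberately undocumented.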
@@ -158,7 +157,7 @@
{{/* validate clustermesh-apiserver */}}
{{- if .Values.clustermesh.useAPIServer }}
- {{- if ne .Values.identityAllocationMode "crd" }}
+ {{- if and (ne .Values.identityAllocationMode "crd") (ne .Values.identityAllocationMode "doublewrite-readkvstore") (ne .Values.identityAllocationMode "doublewrite-readcrd") }}
{{ fail (printf "The clustermesh-apiserver cannot be enabled in combination with .Values.identityAllocationMode=%s. To establish a Cluster Mesh, directly configure the parameters to access the remote kvstore through .Values.clustermesh.config" .Values.identityAllocationMode ) }}
{{- end }}
{{- if .Values.disableEndpointCRD }}
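Review bot: the three-way `ne` chain on `identityAllocationMode` is repeated verbatim in the `externalWorkloads` check in the next hunk, so the two lists can drift when another mode is added. A single membership test such as `has .Values.identityAllocationMode (list "crd" "doublewrite-readkvstore" "doublewrite-readcrd")`, or a named helper, would keep them in sync.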
@@ -166,7 +165,7 @@
{{- end }}
{{- end }}
{{- if .Values.externalWorkloads.enabled }}
- {{- if ne .Values.identityAllocationMode "crd" }}
+ {{- if and (ne .Values.identityAllocationMode "crd") (ne .Values.identityAllocationMode "doublewrite-readkvstore") (ne .Values.identityAllocationMode "doublewrite-readcrd") }}
{{ fail (printf "External workloads support cannot be enabled in combination with .Values.identityAllocationMode=%s" .Values.identityAllocationMode ) }}
{{- end }}
{{- if .Values.disableEndpointCRD }}
diff --git a/packages/system/cilium/charts/cilium/values.schema.json b/packages/system/cilium/charts/cilium/values.schema.json
index 9dd1dc3d..634e6fc8 100644
--- a/packages/system/cilium/charts/cilium/values.schema.json
+++ b/packages/system/cilium/charts/cilium/values.schema.json
@@ -152,6 +152,12 @@
"podSecurityContext": {
"type": "object"
},
+ "priorityClassName": {
+ "type": "string"
+ },
+ "resources": {
+ "type": "object"
+ },
"securityContext": {
"type": "object"
},
@@ -356,6 +362,12 @@
"podSecurityContext": {
"type": "object"
},
+ "priorityClassName": {
+ "type": "string"
+ },
+ "resources": {
+ "type": "object"
+ },
"securityContext": {
"type": "object"
},
@@ -443,25 +455,6 @@
},
"type": "object"
},
- "bgp": {
- "properties": {
- "announce": {
- "properties": {
- "loadbalancerIP": {
- "type": "boolean"
- },
- "podCIDR": {
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "enabled": {
- "type": "boolean"
- }
- },
- "type": "object"
- },
"bgpControlPlane": {
"properties": {
"enabled": {
@@ -477,6 +470,14 @@
}
},
"type": "object"
+ },
+ "statusReport": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
}
},
"type": "object"
@@ -497,6 +498,9 @@
},
"type": "object"
},
+ "ctAccounting": {
+ "type": "boolean"
+ },
"ctAnyMax": {
"type": [
"null",
@@ -520,6 +524,17 @@
},
"events": {
"properties": {
+ "default": {
+ "properties": {
+ "burstLimit": {
+ "type": "null"
+ },
+ "rateLimit": {
+ "type": "null"
+ }
+ },
+ "type": "object"
+ },
"drop": {
"properties": {
"enabled": {
@@ -553,6 +568,9 @@
"boolean"
]
},
+ "lbAlgorithmAnnotation": {
+ "type": "boolean"
+ },
"lbExternalClusterIP": {
"type": "boolean"
},
@@ -562,6 +580,12 @@
"integer"
]
},
+ "lbModeAnnotation": {
+ "type": "boolean"
+ },
+ "lbSourceRangeAllTypes": {
+ "type": "boolean"
+ },
"mapDynamicSizeRatio": {
"type": [
"null",
@@ -655,6 +679,9 @@
"items": {},
"type": "array"
},
+ "generateCA": {
+ "type": "boolean"
+ },
"image": {
"properties": {
"digest": {
@@ -681,9 +708,15 @@
},
"type": "object"
},
+ "nodeSelector": {
+ "type": "object"
+ },
"podLabels": {
"type": "object"
},
+ "priorityClassName": {
+ "type": "string"
+ },
"tolerations": {
"items": {},
"type": "array"
@@ -734,19 +767,6 @@
}
}
},
- {
- "properties": {
- "burst": {
- "type": "integer"
- },
- "limit": {
- "type": "integer"
- },
- "nodes": {
- "type": "integer"
- }
- }
- },
{
"properties": {
"burst": {
@@ -763,6 +783,12 @@
]
},
"type": "array"
+ },
+ "sliceMode": {
+ "enum": [
+ "identity",
+ "fcfs"
+ ]
}
},
"type": "object"
@@ -1224,6 +1250,10 @@
"string"
]
},
+ "loadBalancerSourceRanges": {
+ "items": {},
+ "type": "array"
+ },
"nodePort": {
"type": "integer"
},
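Review bot: `loadBalancerSourceRanges` is declared with `"items": {}`, so the schema accepts elements of any type. Since the field is a list of source ranges used to restrict who can reach the service, constrain the items to strings so a malformed entry is rejected at install time rather than passed through.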
@@ -1448,6 +1478,12 @@
},
"type": "object"
},
+ "commonLabels": {
+ "type": [
+ "null",
+ "object"
+ ]
+ },
"conntrackGCInterval": {
"type": "string"
},
@@ -1485,6 +1521,12 @@
"string"
]
},
+ "enableSourceIPVerification": {
+ "type": [
+ "null",
+ "boolean"
+ ]
+ },
"runPath": {
"type": "string"
}
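Review bot: `enableSourceIPVerification` accepts `null` as well as a boolean, which makes the switch tri-state, and nothing here says which behaviour `null` selects. For a source-IP verification control the effective default should be stated in the values documentation so that leaving it unset cannot be mistaken for enabling or disabling it.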
@@ -1528,6 +1570,9 @@
},
"type": "object"
},
+ "defaultLBServiceIPAM": {
+ "type": "string"
+ },
"directRoutingSkipUnreachable": {
"type": "boolean"
},
@@ -1601,12 +1646,21 @@
"enableIPv6Masquerade": {
"type": "boolean"
},
+ "enableInternalTrafficPolicy": {
+ "type": "boolean"
+ },
"enableK8sTerminatingEndpoint": {
"type": "boolean"
},
+ "enableLBIPAM": {
+ "type": "boolean"
+ },
"enableMasqueradeRouteSource": {
"type": "boolean"
},
+ "enableNonDefaultDenyPolicies": {
+ "type": "boolean"
+ },
"enableRuntimeDeviceDetection": {
"type": "boolean"
},
@@ -1668,9 +1722,6 @@
"properties": {
"persistentKeepalive": {
"type": "string"
- },
- "userspaceFallback": {
- "type": "boolean"
}
},
"type": "object"
@@ -1686,6 +1737,9 @@
},
"type": "object"
},
+ "endpointLockdownOnMapOverflow": {
+ "type": "boolean"
+ },
"endpointRoutes": {
"properties": {
"enabled": {
@@ -1866,6 +1920,12 @@
"baseID": {
"type": "integer"
},
+ "bootstrapConfigMap": {
+ "type": [
+ "null",
+ "string"
+ ]
+ },
"connectTimeoutSeconds": {
"type": "integer"
},
@@ -1924,6 +1984,9 @@
"healthPort": {
"type": "integer"
},
+ "httpRetryCount": {
+ "type": "integer"
+ },
"idleTimeoutDurationSeconds": {
"type": "integer"
},
@@ -1969,8 +2032,41 @@
},
"log": {
"properties": {
+ "accessLogBufferSize": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "defaultLevel": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "enum": [
+ "trace",
+ "debug",
+ "info",
+ "warning",
+ "error",
+ "critical",
+ "off"
+ ]
+ }
+ ]
+ },
"format": {
- "type": "string"
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "format_json": {
+ "type": [
+ "null",
+ "object"
+ ]
},
"path": {
"type": "string"
@@ -1978,6 +2074,9 @@
},
"type": "object"
},
+ "maxConcurrentRetries": {
+ "type": "integer"
+ },
"maxConnectionDurationSeconds": {
"type": "integer"
},
@@ -2356,6 +2455,9 @@
"global": {
"type": "object"
},
+ "healthCheckICMPFailureThreshold": {
+ "type": "integer"
+ },
"healthChecking": {
"type": "boolean"
},
@@ -2528,6 +2630,51 @@
},
"type": "object"
},
+ "dynamic": {
+ "properties": {
+ "config": {
+ "properties": {
+ "configMapName": {
+ "type": "string"
+ },
+ "content": {
+ "items": {
+ "anyOf": [
+ {
+ "properties": {
+ "contextOptions": {
+ "items": {},
+ "type": "array"
+ },
+ "excludeFilters": {
+ "items": {},
+ "type": "array"
+ },
+ "includeFilters": {
+ "items": {},
+ "type": "array"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ },
+ "type": "array"
+ },
+ "createConfigMap": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
"enableOpenMetrics": {
"type": "boolean"
},
@@ -3291,6 +3438,9 @@
},
"type": "object"
},
+ "labels": {
+ "type": "object"
+ },
"nodeSelector": {
"properties": {
"kubernetes.io/os": {
@@ -3624,9 +3774,15 @@
"ciliumNodeUpdateRate": {
"type": "string"
},
+ "installUplinkRoutesForDelegatedIPAM": {
+ "type": "boolean"
+ },
"mode": {
"type": "string"
},
+ "multiPoolPreAllocation": {
+ "type": "string"
+ },
"operator": {
"properties": {
"autoCreateCiliumPodIPPools": {
@@ -3682,6 +3838,9 @@
},
"type": "object"
},
+ "iptablesRandomFully": {
+ "type": "boolean"
+ },
"ipv4": {
"properties": {
"enabled": {
@@ -3723,6 +3882,23 @@
"integer"
]
},
+ "operator": {
+ "properties": {
+ "burst": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "qps": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ },
+ "type": "object"
+ },
"qps": {
"type": [
"null",
@@ -3743,6 +3919,18 @@
"k8sServiceHost": {
"type": "string"
},
+ "k8sServiceLookupConfigMapName": {
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "k8sServiceLookupNamespace": {
+ "type": [
+ "null",
+ "string"
+ ]
+ },
"k8sServicePort": {
"type": [
"string",
@@ -3810,6 +3998,9 @@
"acceleration": {
"type": "string"
},
+ "experimental": {
+ "type": "boolean"
+ },
"l7": {
"properties": {
"algorithm": {
@@ -3848,6 +4039,12 @@
"name": {
"type": "string"
},
+ "namespaceOverride": {
+ "type": [
+ "null",
+ "string"
+ ]
+ },
"nat": {
"properties": {
"mapStatsEntries": {
@@ -4309,6 +4506,9 @@
"enabled": {
"type": "boolean"
},
+ "metricsService": {
+ "type": "boolean"
+ },
"port": {
"type": "integer"
},
@@ -4688,6 +4888,9 @@
"array"
]
},
+ "metricsService": {
+ "type": "boolean"
+ },
"port": {
"type": "integer"
},
@@ -4812,6 +5015,17 @@
"routingMode": {
"type": "string"
},
+ "scheduling": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "anti-affinity",
+ "kube-scheduler"
+ ]
+ }
+ },
+ "type": "object"
+ },
"sctp": {
"properties": {
"enabled": {
@@ -5191,8 +5405,39 @@
},
"type": "object"
},
+ "readSecretsOnlyFromSecretsNamespace": {
+ "type": [
+ "null",
+ "boolean"
+ ]
+ },
+ "secretSync": {
+ "properties": {
+ "enabled": {
+ "type": [
+ "null",
+ "boolean"
+ ]
+ }
+ },
+ "type": "object"
+ },
"secretsBackend": {
- "type": "string"
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "secretsNamespace": {
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ },
+ "type": "object"
}
},
"type": "object"
diff --git a/packages/system/cilium/charts/cilium/values.yaml b/packages/system/cilium/charts/cilium/values.yaml
index cc666fbc..0668966f 100644
--- a/packages/system/cilium/charts/cilium/values.yaml
+++ b/packages/system/cilium/charts/cilium/values.yaml
@@ -2,6 +2,17 @@
# This file is based on install/kubernetes/cilium/*values.yaml.tmpl.
+# @schema
+# type: [null, string]
+# @schema
+# -- namespaceOverride allows to override the destination namespace for Cilium resources.
+# This property allows to use Cilium as part of an Umbrella Chart with different targets.
+namespaceOverride: ""
+# @schema
+# type: [null, object]
+# @schema
+# -- commonLabels allows users to add common labels for all Cilium resources.
+commonLabels: {}
# @schema
# type: [null, string]
# @schema
@@ -36,35 +47,62 @@ rbac:
imagePullSecrets: []
# - name: "image-pull-secret"
+# -- Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information.
+iptablesRandomFully: false
# -- (string) Kubernetes config path
# @default -- `"~/.kube/config"`
kubeConfigPath: ""
-# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only)
+# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap
k8sServiceHost: ""
# @schema
# type: [string, integer]
# @schema
# -- (string) Kubernetes service port
k8sServicePort: ""
-# -- Configure the client side rate limit for the agent and operator
+# @schema
+# type: [null, string]
+# @schema
+# -- (string) When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`.
+k8sServiceLookupConfigMapName: ""
+# @schema
+# type: [null, string]
+# @schema
+# -- (string) When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`.
+k8sServiceLookupNamespace: ""
+# -- Configure the client side rate limit for the agent
#
# If the amount of requests to the Kubernetes API server exceeds the configured
-# rate limit, the agent and operator will start to throttle requests by delaying
+# rate limit, the agent will start to throttle requests by delaying
# them until there is budget or the request times out.
k8sClientRateLimit:
# @schema
# type: [null, integer]
# @schema
# -- (int) The sustained request rate in requests per second.
- # @default -- 5 for k8s up to 1.26. 10 for k8s version 1.27+
+ # @default -- 10
qps:
# @schema
# type: [null, integer]
# @schema
# -- (int) The burst request rate in requests per second.
# The rate limiter will allow short bursts with a higher rate.
- # @default -- 10 for k8s up to 1.26. 20 for k8s version 1.27+
+ # @default -- 20
burst:
+ # -- Configure the client side rate limit for the Cilium Operator
+ operator:
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- (int) The sustained request rate in requests per second.
+ # @default -- 100
+ qps:
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- (int) The burst request rate in requests per second.
+ # The rate limiter will allow short bursts with a higher rate.
+ # @default -- 200
+ burst:
cluster:
# -- Name of the cluster. Only required for Cluster Mesh and mutual authentication with SPIRE.
# It must respect the following constraints:
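Review bot: the operator's client rate limit changes silently on upgrade at `k8sClientRateLimit.operator`. The removed comment said the top-level `qps`/`burst` applied to "the agent and operator"; they now cover the agent only, and the operator gets its own defaults of 100 and 200, against 10 and 20 for the agent. An existing override of `k8sClientRateLimit.qps` that was meant to throttle the operator no longer does so. Suggest calling this out in the upgrade notes and setting `operator.qps` and `operator.burst` explicitly wherever API server load was the reason for the earlier tuning.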
@@ -153,11 +191,24 @@ image:
# @schema
override: ~
repository: "quay.io/cilium/cilium"
- tag: "v1.16.6"
+ tag: "v1.17.1"
pullPolicy: "IfNotPresent"
# cilium-digest
- digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
+ digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866"
useDigest: true
+# -- Scheduling configurations for cilium pods
+scheduling:
+ # @schema
+ # enum: ["anti-affinity", "kube-scheduler"]
+ # @schema
+ # -- Mode specifies how Cilium daemonset pods should be scheduled to Nodes.
+ # `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset.
+ # Pod anti-affinity may significantly impact scheduling throughput for large clusters.
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ # `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput.
+ # Kube-scheduler avoids host port conflict when scheduling pods.
+ # @default -- Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity`
+ mode: anti-affinity
# -- Affinity for cilium-agent.
affinity:
podAntiAffinity:
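Review bot: the `scheduling.mode` comment does not say how it relates to the `affinity.podAntiAffinity` value that follows directly below it. With `mode: kube-scheduler`, a reader cannot tell from these lines whether the `affinity` block is ignored, or whether an existing `affinity` override is still honoured under `anti-affinity`. Suggest one sentence stating which of the two keys takes precedence.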
@@ -387,16 +438,6 @@ l2podAnnouncements:
enabled: false
# -- Interface used for sending Gratuitous ARP pod announcements
interface: "eth0"
-# -- Configure BGP
-bgp:
- # -- Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside
- # cilium-agent and cilium-operator
- enabled: false
- announce:
- # -- Enable allocation and announcement of service LoadBalancer IPs
- loadbalancerIP: false
- # -- Enable announcement of node pod CIDR
- podCIDR: false
# -- This feature set enables virtual BGP routers to be created via
# CiliumBGPPeeringPolicy CRDs.
bgpControlPlane:
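Review bot: removing the whole `bgp:` block means any override that still sets `bgp.enabled`, `bgp.announce.loadbalancerIP` or `bgp.announce.podCIDR` no longer matches a chart default. Please check the cozystack values and any tenant overrides for these keys before merging, and point users to the remaining `bgpControlPlane` block in the changelog if any are found.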
@@ -408,6 +449,12 @@ bgpControlPlane:
create: false
# -- The name of the secret namespace to which Cilium agents are given read access
name: kube-system
+ # -- Status reporting settings (BGPv2 only)
+ statusReport:
+ # -- Enable/Disable BGPv2 status reporting
+ # It is recommended to enable status reporting in general, but if you have any issue
+ # such as high API server load, you can disable it by setting this to false.
+ enabled: true
pmtuDiscovery:
# -- Enable path MTU discovery to send ICMP fragmentation-needed replies to
# the client.
@@ -432,6 +479,8 @@ bpf:
# -- (int) Configure the maximum number of entries in auth map.
# @default -- `524288`
authMapMax: ~
+ # -- Enable CT accounting for packets and bytes
+ ctAccounting: false
# @schema
# type: [null, integer]
# @schema
@@ -447,7 +496,25 @@ bpf:
# @default -- `262144`
ctAnyMax: ~
# -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble.
+ # Helm configuration for BPF events map rate limiting is experimental and might change
+ # in upcoming releases.
events:
+ # -- Default settings for all types of events except dbg and pcap.
+ default:
+ # -- (int) Configure the limit of messages per second that can be written to
+ # BPF events map. The number of messages is averaged, meaning that if no messages
+ # were written to the map over 5 seconds, it's possible to write more events
+ # in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must
+ # also be provided lest the configuration is considered invalid. Setting both burstLimit
+ # and rateLimit to 0 disables BPF events rate limiting.
+ # @default -- `0`
+ rateLimit: ~
+ # -- (int) Configure the maximum number of messages that can be written to BPF events
+ # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must
+ # also be provided lest the configuration is considered invalid. Setting both burstLimit
+ # and rateLimit to 0 disables BPF events rate limiting.
+ # @default -- `0`
+ burstLimit: ~
drop:
# -- Enable drop events.
enabled: true
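Review bot: `events.default.rateLimit` and `burstLimit` are declared as `~` with no `@schema` annotation in this hunk, and the rule that both must be non-zero together is stated only in the comments. Suggest adding `# @schema` / `# type: [null, integer]` as other nullable integer keys in this file do, so a non-integer value is caught at chart validation; the both-or-neither rule still needs a template check or at least a mention in the upgrade notes. The comment also marks this configuration as experimental, so it is worth leaving it unset in cozystack's own values for now.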
@@ -502,8 +569,23 @@ bpf:
# -- Configure which TCP flags trigger notifications when seen for the
# first time in a connection.
monitorFlags: "all"
- # -- Allow cluster external access to ClusterIP services.
+ # -- (bool) Allow cluster external access to ClusterIP services.
+ # @default -- `false`
lbExternalClusterIP: false
+ # -- (bool) Enable loadBalancerSourceRanges CIDR filtering for all service
+ # types, not just LoadBalancer services. The corresponding NodePort and
+ # ClusterIP (if enabled for cluster-external traffic) will also apply the
+ # CIDR filter.
+ # @default -- `false`
+ lbSourceRangeAllTypes: false
+ # -- (bool) Enable the option to define the load balancing algorithm on
+ # a per-service basis through service.cilium.io/lb-algorithm annotation.
+ # @default -- `false`
+ lbAlgorithmAnnotation: false
+ # -- (bool) Enable the option to define the load balancing mode (SNAT or DSR)
+ # on a per-service basis through service.cilium.io/forwarding-mode annotation.
+ # @default -- `false`
+ lbModeAnnotation: false
# @schema
# type: [null, boolean]
# @schema
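Review bot: `lbSourceRangeAllTypes` defaults to `false`, which by its own comment leaves `loadBalancerSourceRanges` CIDR filtering applied to LoadBalancer services only and not to the corresponding NodePort and ClusterIP. Anyone relying on source ranges as an access control should be told that plainly in the comment. Please also decide deliberately whether cozystack wants `true` here, particularly if `lbExternalClusterIP` is ever enabled.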
@@ -522,7 +604,7 @@ bpf:
# @schema
# type: [null, boolean]
# @schema
- # -- (bool) Configure the eBPF-based TPROXY to reduce reliance on iptables rules
+ # -- (bool) Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules
# for implementing Layer 7 policy.
# @default -- `false`
tproxy: ~
@@ -679,6 +761,14 @@ daemon:
#
# By default, all keys may be overridden.
blockedConfigOverrides: ~
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification
+ # of endpoints. This flag is useful when Cilium is chained with other CNIs.
+ #
+ # By default, this functionality is enabled
+ enableSourceIPVerification: true
# -- Specify which network interfaces can run the eBPF datapath. This means
# that a packet sent from a pod to a destination outside the cluster will be
# masqueraded (to an output device IPv4 address), if the output device runs the
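Review bot: the `enableSourceIPVerification` comment explains when the flag is useful but not what is given up by turning it off. Since the default is `true` and the only stated reason to change it is CNI chaining, suggest adding a line that says disabling it removes the source IP check on endpoints, and keeping any `false` override scoped to the chained setup with a comment saying why.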
@@ -722,11 +812,15 @@ ciliumEndpointSlice:
limit: 10
burst: 20
- nodes: 100
- limit: 7
- burst: 15
- - nodes: 500
- limit: 5
- burst: 10
+ limit: 50
+ burst: 100
+ # @schema
+ # enum: ["identity", "fcfs"]
+ # @schema
+ # -- The slicing mode to use for CiliumEndpointSlices.
+ # identity groups together CiliumEndpoints that share the same identity.
+ # fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first.
+ sliceMode: identity
envoyConfig:
# -- Enable CiliumEnvoyConfig CRD
# CiliumEnvoyConfig CRD can also be implicitly enabled by other options.
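Review bot: the rate-limit tiers now scale in the opposite direction from before. The removed lines lowered `limit`/`burst` as node count grew (7 and 15 at 100 nodes, 5 and 10 at 500); the new `nodes: 100` tier raises them to 50 and 100 and the 500-node tier is gone. Please confirm this is intended for large clusters, since it raises the permitted rate exactly where it was previously reduced. Separately, the `sliceMode` comment does not state its default; a `# @default` line would match the style used elsewhere in the file.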
@@ -915,8 +1009,6 @@ encryption:
# -- Enable IPsec encrypted overlay
encryptedOverlay: false
wireguard:
- # -- Enables the fallback to the user-space implementation (deprecated).
- userspaceFallback: false
# -- Controls WireGuard PersistentKeepalive option. Set 0s to disable.
persistentKeepalive: 0s
endpointHealthChecking:
@@ -932,6 +1024,8 @@ endpointRoutes:
k8sNetworkPolicy:
# -- Enable support for K8s NetworkPolicy
enabled: true
+# -- Enable endpoint lockdown on policy map overflow.
+endpointLockdownOnMapOverflow: false
eni:
# -- Enable Elastic Network Interface (ENI) integration.
enabled: false
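Review bot: the one-line comment on `endpointLockdownOnMapOverflow` does not say what "lockdown" does to an endpoint, or what happens on policy map overflow when the flag is left at `false`. This reads like a fail-open versus fail-closed choice, so the comment should state the behaviour in both cases to let operators choose deliberately.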
@@ -982,6 +1076,8 @@ gke:
healthChecking: true
# -- TCP port for the agent health API. This is not the port for cilium-health.
healthPort: 9879
+# -- Number of ICMP requests sent for each health check before marking a node or endpoint unreachable.
+healthCheckICMPFailureThreshold: 3
# -- Configure the host firewall.
hostFirewall:
# -- Enables the enforcement of host policies in the eBPF datapath.
@@ -1004,14 +1100,16 @@ socketLB:
# for the Kubernetes CronJob which will be scheduled regularly to
# (re)generate any certificates not provided manually.
certgen:
+ # -- When set to true the certificate authority secret is created.
+ generateCA: true
image:
# @schema
# type: [null, string]
# @schema
override: ~
repository: "quay.io/cilium/certgen"
- tag: "v0.2.0"
- digest: "sha256:169d93fd8f2f9009db3b9d5ccd37c2b753d0989e1e7cd8fe79f9160c459eef4f"
+ tag: "v0.2.1"
+ digest: "sha256:ab6b1928e9c5f424f6b0f51c68065b9fd85e2f8d3e5f21fbd1a3cb27e6fb9321"
useDigest: true
pullPolicy: "IfNotPresent"
# -- Seconds after which the completed job pod will be deleted
@@ -1022,6 +1120,12 @@ certgen:
annotations:
job: {}
cronJob: {}
+ # -- Node selector for certgen
+ # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+ nodeSelector: {}
+ # -- Priority class for certgen
+ # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
+ priorityClassName: ""
# -- Node tolerations for pod assignment on nodes with taints
# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
@@ -1147,6 +1251,21 @@ hubble:
namespace: ~
labelValue: "1"
annotations: {}
+ # Dynamic metrics may be reconfigured without a need of agent restarts.
+ dynamic:
+ enabled: false
+ config:
+ # ---- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent.
+ configMapName: cilium-dynamic-metrics-config
+ # ---- True if helm installer should create config map.
+ # Switch to false if you want to self maintain the file content.
+ createConfigMap: true
+ # ---- Exporters configuration in YAML format.
+ content:
+ - name: all
+ contextOptions: []
+ includeFilters: []
+ excludeFilters: []
# -- Unix domain socket path to listen to when Hubble is enabled.
socketPath: /var/run/cilium/hubble.sock
# -- Enables redacting sensitive information present in Layer 7 flows.
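Review bot: the comments under `dynamic.config` start with `# ----`, while documented keys in this file use `# --`, so these descriptions will probably not be picked up as key documentation. `dynamic.enabled` has no `# --` description at all. Suggest normalising the three comments to `# --` and adding a description for `enabled`.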
@@ -1314,9 +1433,9 @@ hubble:
# @schema
override: ~
repository: "quay.io/cilium/hubble-relay"
- tag: "v1.16.6"
+ tag: "v1.17.1"
# hubble-relay-digest
- digest: "sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b"
+ digest: "sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc"
useDigest: true
pullPolicy: "IfNotPresent"
# -- Specifies the resources for the hubble-relay pods
@@ -1398,7 +1517,7 @@ hubble:
- ALL
# -- hubble-relay service configuration.
service:
- # --- The type of service used for Hubble Relay access, either ClusterIP or NodePort.
+ # --- The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer.
type: ClusterIP
# --- The port to use when the service type is set to NodePort.
nodePort: 31234
@@ -1454,6 +1573,8 @@ hubble:
# type: [null, string]
# @schema
# -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s").
+ #
+ # This option has been deprecated and is a no-op.
dialTimeout: ~
# @schema
# type: [null, string]
@@ -1625,6 +1746,8 @@ hubble:
replicas: 1
# -- Annotations to be added to all top-level hubble-ui objects (resources under templates/hubble-ui)
annotations: {}
+ # -- Additional labels to be added to 'hubble-ui' deployment object
+ labels: {}
# -- Annotations to be added to hubble-ui pods
podAnnotations: {}
# -- Labels to be added to hubble-ui pods
@@ -1760,7 +1883,7 @@ hubble:
reasons:
- auth_required
- policy_denied
-# -- Method to use for identity allocation (`crd` or `kvstore`).
+# -- Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends).
identityAllocationMode: "crd"
# -- (string) Time to wait before using new identity on endpoint identity change.
# @default -- `"5s"`
@@ -1776,6 +1899,10 @@ ipam:
mode: "cluster-pool"
# -- Maximum rate at which the CiliumNode custom resource is updated.
ciliumNodeUpdateRate: "15s"
+ # -- Pre-allocation settings for IPAM in Multi-Pool mode
+ multiPoolPreAllocation: ""
+ # -- Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin.
+ installUplinkRoutesForDelegatedIPAM: false
operator:
# @schema
# type: [array, string]
@@ -1818,6 +1945,12 @@ ipam:
# refill the bucket up to the burst size capacity.
# @default -- `4.0`
externalAPILimitQPS: ~
+# -- defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when
+# no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none
+# @schema
+# type: [string]
+# @schema
+defaultLBServiceIPAM: lbipam
nodeIPAM:
# -- Configure Node IPAM
# ref: https://docs.cilium.io/en/stable/network/node-ipam/
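Review bot: `defaultLBServiceIPAM` is constrained only by `type: [string]` although the comment lists exactly three applicable values. Suggest `enum: ["lbipam", "nodeipam", "none"]`, as `scheduling.mode` does, so a typo fails validation. The `@schema` block here also follows the `# --` description, whereas elsewhere in the file it precedes it.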
@@ -1998,6 +2131,9 @@ loadBalancer:
# endpoints filtering
# serviceTopology: false
+ # -- experimental enables support for the experimental load-balancing
+ # control-plane.
+ experimental: false
# -- L7 LoadBalancer
l7:
# -- Enable L7 service load balancing via envoy proxy.
@@ -2067,6 +2203,7 @@ pprof:
port: 6060
# -- Configure prometheus metrics on the configured port at /metrics
prometheus:
+ metricsService: false
enabled: false
port: 9962
serviceMonitor:
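Review bot: `prometheus.metricsService` is added without a `# --` description and is placed above `enabled`, so it is not clear what it adds or whether it has any effect while `enabled: false`. Suggest a one-line description. The same undocumented key is added under `operator.prometheus` later in this file.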
@@ -2139,14 +2276,51 @@ envoy:
# Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0'
baseID: 0
log:
- # -- The format string to use for laying out the log message metadata of Envoy.
+ # @schema
+ # type: [null, string]
+ # @schema
+ # -- The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output.
+ # This setting is mutually exclusive with envoy.log.format_json.
format: "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"
+ # @schema
+ # type: [null, object]
+ # @schema
+ # -- The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format.
+ # ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format
+ format_json: null
+ # date: "%Y-%m-%dT%T.%e"
+ # thread_id: "%t"
+ # source_line: "%s:%#"
+ # level: "%l"
+ # logger: "%n"
+ # message: "%j"
# -- Path to a separate Envoy log file, if any. Defaults to /dev/stdout.
path: ""
+ # @schema
+ # oneOf:
+ # - type: [null]
+ # - enum: [trace,debug,info,warning,error,critical,off]
+ # @schema
+ # -- Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled.
+ # This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`.
+ # Possible values: trace, debug, info, warning, error, critical, off
+ # @default -- Defaults to the default log level of the Cilium Agent - `info`
+ defaultLevel: ~
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- Size of the Envoy access log buffer created within the agent in bytes.
+ # Tune this value up if you encounter "Envoy: Discarded truncated access log message" errors.
+ # Large request/response header sizes (e.g. 16KiB) will require a larger buffer size.
+ accessLogBufferSize: 4096
# -- Time in seconds after which a TCP connection attempt times out
connectTimeoutSeconds: 2
# -- Time in seconds after which the initial fetch on an xDS stream is considered timed out
initialFetchTimeoutSeconds: 30
+ # -- Maximum number of concurrent retries on Envoy clusters
+ maxConcurrentRetries: 128
+ # -- Maximum number of retries for each HTTP request
+ httpRetryCount: 3
# -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy
maxRequestsPerConnection: 0
# -- Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
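Review bot: `log.format` and `log.format_json` are documented as mutually exclusive, yet `format` keeps its non-empty default string, so a user who sets only `format_json` ends up with both populated. Suggest stating in the `format_json` comment that `format` must be set to null at the same time (the new `type: [null, string]` schema allows it), or having the template fail when both are set. Minor: `format_json` is snake_case next to `defaultLevel` and `accessLogBufferSize`.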
@@ -2165,9 +2339,9 @@ envoy:
# @schema
override: ~
repository: "quay.io/cilium/cilium-envoy"
- tag: "v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5"
+ tag: "v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae"
pullPolicy: "IfNotPresent"
- digest: "sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88"
+ digest: "sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521"
useDigest: true
# -- Additional containers added to the cilium Envoy DaemonSet.
extraContainers: []
@@ -2203,6 +2377,15 @@ envoy:
maxUnavailable: 2
# -- Roll out cilium envoy pods automatically when configmap is updated.
rollOutPods: false
+ # -- ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key.
+ # When specified, Envoy will use this ConfigMap instead of the default provided by the chart.
+ # WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to
+ # syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support
+ # cannot be provided for custom Envoy bootstrap configs.
+ # @schema
+ # type: [null, string]
+ # @schema
+ bootstrapConfigMap: ~
# -- Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy)
annotations: {}
# -- Security Context for cilium-envoy pods.
@@ -2388,12 +2571,42 @@ svcSourceRangeCheck: true
synchronizeK8sNodes: true
# -- Configure TLS configuration in the agent.
tls:
+ # @schema
+ # type: [null, string]
+ # @schema
# -- This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies
# (namely the secrets referenced by terminatingTLS and originatingTLS).
+ # This value is DEPRECATED and will be removed in a future version.
+ # Use `tls.readSecretsOnlyFromSecretsNamespace` instead.
# Possible values:
# - local
# - k8s
- secretsBackend: local
+ secretsBackend: ~
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- Configure if the Cilium Agent will only look in `tls.secretsNamespace` for
+ # CiliumNetworkPolicy relevant Secrets.
+ # If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access
+ # to _all_ secrets in the entire cluster. This is not recommended and is
+ # included for backwards compatibility.
+ # This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old
+ # setting, and `false` == `k8s`.
+ readSecretsOnlyFromSecretsNamespace: ~
+ # -- Configures where secrets used in CiliumNetworkPolicies will be looked for
+ secretsNamespace:
+ # -- Create secrets namespace for TLS Interception secrets.
+ create: true
+ # -- Name of TLS Interception secret namespace.
+ name: cilium-secrets
+ # -- Configures settings for synchronization of TLS Interception Secrets
+ secretSync:
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- Enable synchronization of Secrets for TLS Interception. If disabled and
+ # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent.
+ enabled: ~
# -- Base64 encoded PEM values for the CA certificate and private key.
# This can be used as common CA to generate certificates used by hubble and clustermesh components.
# It is neither required nor used when cert-manager is used to generate the certificates.
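Review bot: with both `tls.secretsBackend` and `tls.readSecretsOnlyFromSecretsNamespace` defaulting to `~`, these lines do not say which behaviour applies when neither is set. The comment states that `false` grants the agent GET/LIST/WATCH on all secrets in the entire cluster, so the effective default matters. Suggest adding a `# @default` line, and setting `readSecretsOnlyFromSecretsNamespace: true` explicitly in cozystack's values so the restriction to `cilium-secrets` does not depend on template logic. Also check that no existing override still sets the deprecated `secretsBackend: k8s`, which the comment maps to the cluster-wide mode.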
@@ -2480,15 +2693,15 @@ operator:
# @schema
override: ~
repository: "quay.io/cilium/operator"
- tag: "v1.16.6"
+ tag: "v1.17.1"
# operator-generic-digest
- genericDigest: "sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc"
+ genericDigest: "sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97"
# operator-azure-digest
- azureDigest: "sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd"
+ azureDigest: "sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b"
# operator-aws-digest
- awsDigest: "sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d"
+ awsDigest: "sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6"
# operator-alibabacloud-digest
- alibabacloudDigest: "sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9"
+ alibabacloudDigest: "sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c"
useDigest: true
pullPolicy: "IfNotPresent"
suffix: ""
@@ -2612,6 +2825,7 @@ operator:
# -- Enable prometheus metrics for cilium-operator on the configured port at
# /metrics
prometheus:
+ metricsService: false
enabled: true
port: 9963
serviceMonitor:
@@ -2762,9 +2976,9 @@ preflight:
# @schema
override: ~
repository: "quay.io/cilium/cilium"
- tag: "v1.16.6"
+ tag: "v1.17.1"
# cilium-digest
- digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
+ digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866"
useDigest: true
pullPolicy: "IfNotPresent"
# -- The priority class to use for the preflight pod.
@@ -2911,9 +3125,9 @@ clustermesh:
# @schema
override: ~
repository: "quay.io/cilium/clustermesh-apiserver"
- tag: "v1.16.6"
+ tag: "v1.17.1"
# clustermesh-apiserver-digest
- digest: "sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a"
+ digest: "sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c"
useDigest: true
pullPolicy: "IfNotPresent"
# -- TCP port for the clustermesh-apiserver health API.
@@ -3009,9 +3223,11 @@ clustermesh:
# NodePort will be redirected to a local backend, regardless of whether the
# destination node belongs to the local or the remote cluster.
nodePort: 32379
- # -- Annotations for the clustermesh-apiserver
- # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal"
- # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # -- Annotations for the clustermesh-apiserver service.
+ # Example annotations to configure an internal load balancer on different cloud providers:
+ # * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+ # * GKE: networking.gke.io/load-balancer-type: "Internal"
annotations: {}
# @schema
# enum: [Local, Cluster]
@@ -3055,6 +3271,10 @@ clustermesh:
# Allows to configure a specific loadBalancerIP on the clustermesh-apiserver
# LB service in case the Service type is set to LoadBalancer.
loadBalancerIP: ~
+ # -- Configure loadBalancerSourceRanges.
+ # Allows to configure the source IP ranges allowed to access the
+ # clustermesh-apiserver LB service in case the Service type is set to LoadBalancer.
+ loadBalancerSourceRanges: []
# -- Number of replicas run for the clustermesh-apiserver deployment.
replicas: 1
# -- lifecycle setting for the apiserver container
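Review bot: `loadBalancerSourceRanges: []` is the default, and the comment does not say what an empty list means for a clustermesh-apiserver Service of type LoadBalancer. Suggest stating that an empty list applies no source restriction, so that operators exposing the service set explicit CIDRs.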
@@ -3347,7 +3567,7 @@ dnsProxy:
# -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present.
enableDnsCompression: true
# -- Maximum number of IPs to maintain per FQDN name for each endpoint.
- endpointMaxIpPerHostname: 50
+ endpointMaxIpPerHostname: 1000
# -- Time during which idle but previously active connections with expired DNS lookups are still considered alive.
idleConnectionGracePeriod: 0s
# -- Maximum number of IPs to retain for expired DNS lookups with still-active connections.
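Review bot: `endpointMaxIpPerHostname` rises from 50 to 1000 with no change to its comment. That is a twentyfold increase in the per-endpoint, per-FQDN ceiling; please note the reason and the expected resource impact in the commit message, or pin the previous value in cozystack's overrides until it has been measured.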
@@ -3369,6 +3589,8 @@ dnsProxy:
sctp:
# -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming.
enabled: false
+# -- Enable Non-Default-Deny policies
+enableNonDefaultDenyPolicies: true
# Configuration for types of authentication for Cilium (beta)
authentication:
# -- Enable authentication processing and garbage collection.
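Review bot: `enableNonDefaultDenyPolicies` is added as `true` with a four-word description. The name implies policies that select an endpoint without placing it in default deny, which changes what operators can assume about a selected endpoint. Suggest expanding the comment to state the effect on enforcement when the flag is `true` and when it is `false`.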
@@ -3411,12 +3633,14 @@ authentication:
# @schema
override: ~
repository: "docker.io/library/busybox"
- tag: "1.36.1"
- digest: "sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02"
+ tag: "1.37.0"
+ digest: "sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1"
useDigest: true
pullPolicy: "IfNotPresent"
# SPIRE agent configuration
agent:
+ # -- The priority class to use for the spire agent
+ priorityClassName: ""
# -- SPIRE agent image
image:
# @schema
@@ -3436,6 +3660,8 @@ authentication:
annotations: {}
# -- SPIRE agent labels
labels: {}
+ # -- container resource limits & requests
+ resources: {}
# -- SPIRE Workload Attestor kubelet verification.
skipKubeletVerification: true
# -- SPIRE agent tolerations configuration
@@ -3468,6 +3694,8 @@ authentication:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
securityContext: {}
server:
+ # -- The priority class to use for the spire server
+ priorityClassName: ""
# -- SPIRE server image
image:
# @schema
@@ -3490,6 +3718,8 @@ authentication:
# -- SPIRE server labels
labels: {}
# SPIRE server service configuration
+ # -- container resource limits & requests
+ resources: {}
service:
# -- Service type for the SPIRE server service
type: ClusterIP
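Review bot: the new `resources` lines are inserted between the existing comment `# SPIRE server service configuration` and the `service:` key it describes, so that comment now sits above `resources: {}`. Move the two added lines above the comment, or below the `service:` block.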
@@ -3555,3 +3785,7 @@ authentication:
agentSocketPath: /run/spire/sockets/agent/agent.sock
# -- SPIRE connection timeout
connectionTimeout: 30s
+# -- Enable Internal Traffic Policy
+enableInternalTrafficPolicy: true
+# -- Enable LoadBalancer IP Address Management
+enableLBIPAM: true
diff --git a/packages/system/cilium/charts/cilium/values.yaml.tmpl b/packages/system/cilium/charts/cilium/values.yaml.tmpl
index 7c18e03a..4a4b7eb3 100644
--- a/packages/system/cilium/charts/cilium/values.yaml.tmpl
+++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl
@@ -1,4 +1,16 @@
+# @schema
+# type: [null, string]
+# @schema
+# -- namespaceOverride allows to override the destination namespace for Cilium resources.
+# This property allows to use Cilium as part of an Umbrella Chart with different targets.
+namespaceOverride: ""
+# @schema
+# type: [null, object]
+# @schema
+# -- commonLabels allows users to add common labels for all Cilium resources.
+commonLabels: {}
+
# @schema
# type: [null, string]
# @schema
@@ -34,35 +46,64 @@ rbac:
imagePullSecrets: []
# - name: "image-pull-secret"
+# -- Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information.
+iptablesRandomFully: false
+
# -- (string) Kubernetes config path
# @default -- `"~/.kube/config"`
kubeConfigPath: ""
-# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only)
+# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap
k8sServiceHost: ""
# @schema
# type: [string, integer]
# @schema
# -- (string) Kubernetes service port
k8sServicePort: ""
-# -- Configure the client side rate limit for the agent and operator
+# @schema
+# type: [null, string]
+# @schema
+# -- (string) When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`.
+k8sServiceLookupConfigMapName: ""
+# @schema
+# type: [null, string]
+# @schema
+# -- (string) When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`.
+k8sServiceLookupNamespace: ""
+# -- Configure the client side rate limit for the agent
#
# If the amount of requests to the Kubernetes API server exceeds the configured
-# rate limit, the agent and operator will start to throttle requests by delaying
+# rate limit, the agent will start to throttle requests by delaying
# them until there is budget or the request times out.
k8sClientRateLimit:
# @schema
# type: [null, integer]
# @schema
# -- (int) The sustained request rate in requests per second.
- # @default -- 5 for k8s up to 1.26. 10 for k8s version 1.27+
+ # @default -- 10
qps:
# @schema
# type: [null, integer]
# @schema
# -- (int) The burst request rate in requests per second.
# The rate limiter will allow short bursts with a higher rate.
- # @default -- 10 for k8s up to 1.26. 20 for k8s version 1.27+
+ # @default -- 20
burst:
+ # -- Configure the client side rate limit for the Cilium Operator
+ operator:
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- (int) The sustained request rate in requests per second.
+ # @default -- 100
+ qps:
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- (int) The burst request rate in requests per second.
+ # The rate limiter will allow short bursts with a higher rate.
+ # @default -- 200
+ burst:
+
cluster:
# -- Name of the cluster. Only required for Cluster Mesh and mutual authentication with SPIRE.
# It must respect the following constraints:
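Review bot: in the `iptablesRandomFully` comment, `iptables--random-fully` is missing the space between the command and the flag; it should read `iptables --random-fully`. Fix it here in the template so the same text in `values.yaml` is corrected with it. Also, `k8sServiceLookupConfigMapName` and `k8sServiceLookupNamespace` are described as defaulting to `cluster-info` and `kube-public` but are declared as `""`; a `# @default` line would make that explicit.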
@@ -156,6 +197,19 @@ image:
# cilium-digest
digest: ${CILIUM_DIGEST}
useDigest: ${USE_DIGESTS}
+# -- Scheduling configurations for cilium pods
+scheduling:
+ # @schema
+ # enum: ["anti-affinity", "kube-scheduler"]
+ # @schema
+ # -- Mode specifies how Cilium daemonset pods should be scheduled to Nodes.
+ # `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset.
+ # Pod anti-affinity may significantly impact scheduling throughput for large clusters.
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ # `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput.
+ # Kube-scheduler avoids host port conflict when scheduling pods.
+ # @default -- Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity`
+ mode: anti-affinity
# -- Affinity for cilium-agent.
affinity:
podAntiAffinity:
@@ -389,16 +443,6 @@ l2podAnnouncements:
enabled: false
# -- Interface used for sending Gratuitous ARP pod announcements
interface: "eth0"
-# -- Configure BGP
-bgp:
- # -- Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside
- # cilium-agent and cilium-operator
- enabled: false
- announce:
- # -- Enable allocation and announcement of service LoadBalancer IPs
- loadbalancerIP: false
- # -- Enable announcement of node pod CIDR
- podCIDR: false
# -- This feature set enables virtual BGP routers to be created via
# CiliumBGPPeeringPolicy CRDs.
bgpControlPlane:
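Review bot: the `bgp:` block (`enabled`, `announce.loadbalancerIP`, `announce.podCIDR`) is deleted here with no replacement comment, leaving only `bgpControlPlane`. Check that no values file in this repository still sets `cilium.bgp.*`, since those overrides would no longer correspond to any key in this file.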
@@ -410,6 +454,12 @@ bgpControlPlane:
create: false
# -- The name of the secret namespace to which Cilium agents are given read access
name: kube-system
+ # -- Status reporting settings (BGPv2 only)
+ statusReport:
+ # -- Enable/Disable BGPv2 status reporting
+ # It is recommended to enable status reporting in general, but if you have any issue
+ # such as high API server load, you can disable it by setting this to false.
+ enabled: true
pmtuDiscovery:
# -- Enable path MTU discovery to send ICMP fragmentation-needed replies to
# the client.
@@ -434,6 +484,8 @@ bpf:
# -- (int) Configure the maximum number of entries in auth map.
# @default -- `524288`
authMapMax: ~
+ # -- Enable CT accounting for packets and bytes
+ ctAccounting: false
# @schema
# type: [null, integer]
# @schema
@@ -449,7 +501,25 @@ bpf:
# @default -- `262144`
ctAnyMax: ~
# -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble.
+ # Helm configuration for BPF events map rate limiting is experimental and might change
+ # in upcoming releases.
events:
+ # -- Default settings for all types of events except dbg and pcap.
+ default:
+ # -- (int) Configure the limit of messages per second that can be written to
+ # BPF events map. The number of messages is averaged, meaning that if no messages
+ # were written to the map over 5 seconds, it's possible to write more events
+ # in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must
+ # also be provided lest the configuration is considered invalid. Setting both burstLimit
+ # and rateLimit to 0 disables BPF events rate limiting.
+ # @default -- `0`
+ rateLimit: ~
+ # -- (int) Configure the maximum number of messages that can be written to BPF events
+ # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must
+ # also be provided lest the configuration is considered invalid. Setting both burstLimit
+ # and rateLimit to 0 disables BPF events rate limiting.
+ # @default -- `0`
+ burstLimit: ~
drop:
# -- Enable drop events.
enabled: true
@@ -504,8 +574,23 @@ bpf:
# -- Configure which TCP flags trigger notifications when seen for the
# first time in a connection.
monitorFlags: "all"
- # -- Allow cluster external access to ClusterIP services.
+ # -- (bool) Allow cluster external access to ClusterIP services.
+ # @default -- `false`
lbExternalClusterIP: false
+ # -- (bool) Enable loadBalancerSourceRanges CIDR filtering for all service
+ # types, not just LoadBalancer services. The corresponding NodePort and
+ # ClusterIP (if enabled for cluster-external traffic) will also apply the
+ # CIDR filter.
+ # @default -- `false`
+ lbSourceRangeAllTypes: false
+ # -- (bool) Enable the option to define the load balancing algorithm on
+ # a per-service basis through service.cilium.io/lb-algorithm annotation.
+ # @default -- `false`
+ lbAlgorithmAnnotation: false
+ # -- (bool) Enable the option to define the load balancing mode (SNAT or DSR)
+ # on a per-service basis through service.cilium.io/forwarding-mode annotation.
+ # @default -- `false`
+ lbModeAnnotation: false
# @schema
# type: [null, boolean]
# @schema
@@ -524,7 +609,7 @@ bpf:
# @schema
# type: [null, boolean]
# @schema
- # -- (bool) Configure the eBPF-based TPROXY to reduce reliance on iptables rules
+ # -- (bool) Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules
# for implementing Layer 7 policy.
# @default -- `false`
tproxy: ~
@@ -681,6 +766,14 @@ daemon:
#
# By default, all keys may be overridden.
blockedConfigOverrides: ~
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification
+ # of endpoints. This flag is useful when Cilium is chained with other CNIs.
+ #
+ # By default, this functionality is enabled
+ enableSourceIPVerification: true
# -- Specify which network interfaces can run the eBPF datapath. This means
# that a packet sent from a pod to a destination outside the cluster will be
# masqueraded (to an output device IPv4 address), if the output device runs the
@@ -727,11 +820,16 @@ ciliumEndpointSlice:
limit: 10
burst: 20
- nodes: 100
- limit: 7
- burst: 15
- - nodes: 500
- limit: 5
- burst: 10
+ limit: 50
+ burst: 100
+
+ # @schema
+ # enum: ["identity", "fcfs"]
+ # @schema
+ # -- The slicing mode to use for CiliumEndpointSlices.
+ # identity groups together CiliumEndpoints that share the same identity.
+ # fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first.
+ sliceMode: identity
envoyConfig:
# -- Enable CiliumEnvoyConfig CRD
@@ -924,8 +1022,6 @@ encryption:
# -- Enable IPsec encrypted overlay
encryptedOverlay: false
wireguard:
- # -- Enables the fallback to the user-space implementation (deprecated).
- userspaceFallback: false
# -- Controls WireGuard PersistentKeepalive option. Set 0s to disable.
persistentKeepalive: 0s
endpointHealthChecking:
@@ -941,6 +1037,8 @@ endpointRoutes:
k8sNetworkPolicy:
# -- Enable support for K8s NetworkPolicy
enabled: true
+# -- Enable endpoint lockdown on policy map overflow.
+endpointLockdownOnMapOverflow: false
eni:
# -- Enable Elastic Network Interface (ENI) integration.
enabled: false
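Review bot: `endpointLockdownOnMapOverflow: false` is added disabled, and its one-line description does not say what an endpoint does when the policy map overflows and lockdown is off. The key name suggests a fail-closed option that ships turned off; document the behaviour for both values and make the choice explicit in the cozystack values rather than inheriting the default.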
@@ -991,6 +1089,8 @@ gke:
healthChecking: true
# -- TCP port for the agent health API. This is not the port for cilium-health.
healthPort: 9879
+# -- Number of ICMP requests sent for each health check before marking a node or endpoint unreachable.
+healthCheckICMPFailureThreshold: 3
# -- Configure the host firewall.
hostFirewall:
# -- Enables the enforcement of host policies in the eBPF datapath.
@@ -1013,6 +1113,8 @@ socketLB:
# for the Kubernetes CronJob which will be scheduled regularly to
# (re)generate any certificates not provided manually.
certgen:
+ # -- When set to true the certificate authority secret is created.
+ generateCA: true
image:
# @schema
# type: [null, string]
@@ -1031,6 +1133,12 @@ certgen:
annotations:
job: {}
cronJob: {}
+ # -- Node selector for certgen
+ # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+ nodeSelector: {}
+ # -- Priority class for certgen
+ # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
+ priorityClassName: ""
# -- Node tolerations for pod assignment on nodes with taints
# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
@@ -1156,6 +1264,21 @@ hubble:
namespace: ~
labelValue: "1"
annotations: {}
+ # Dynamic metrics may be reconfigured without a need of agent restarts.
+ dynamic:
+ enabled: false
+ config:
+ # ---- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent.
+ configMapName: cilium-dynamic-metrics-config
+ # ---- True if helm installer should create config map.
+ # Switch to false if you want to self maintain the file content.
+ createConfigMap: true
+ # ---- Exporters configuration in YAML format.
+ content:
+ - name: all
+ contextOptions: []
+ includeFilters: []
+ excludeFilters: []
# -- Unix domain socket path to listen to when Hubble is enabled.
socketPath: /var/run/cilium/hubble.sock
# -- Enables redacting sensitive information present in Layer 7 flows.
@@ -1407,7 +1530,7 @@ hubble:
- ALL
# -- hubble-relay service configuration.
service:
- # --- The type of service used for Hubble Relay access, either ClusterIP or NodePort.
+ # --- The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer.
type: ClusterIP
# --- The port to use when the service type is set to NodePort.
nodePort: 31234
@@ -1463,6 +1586,8 @@ hubble:
# type: [null, string]
# @schema
# -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s").
+ #
+ # This option has been deprecated and is a no-op.
dialTimeout: ~
# @schema
# type: [null, string]
@@ -1634,6 +1759,8 @@ hubble:
replicas: 1
# -- Annotations to be added to all top-level hubble-ui objects (resources under templates/hubble-ui)
annotations: {}
+ # -- Additional labels to be added to 'hubble-ui' deployment object
+ labels: {}
# -- Annotations to be added to hubble-ui pods
podAnnotations: {}
# -- Labels to be added to hubble-ui pods
@@ -1771,7 +1898,7 @@ hubble:
- auth_required
- policy_denied
-# -- Method to use for identity allocation (`crd` or `kvstore`).
+# -- Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends).
identityAllocationMode: "crd"
# -- (string) Time to wait before using new identity on endpoint identity change.
# @default -- `"5s"`
@@ -1787,6 +1914,10 @@ ipam:
mode: "cluster-pool"
# -- Maximum rate at which the CiliumNode custom resource is updated.
ciliumNodeUpdateRate: "15s"
+ # -- Pre-allocation settings for IPAM in Multi-Pool mode
+ multiPoolPreAllocation: ""
+ # -- Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin.
+ installUplinkRoutesForDelegatedIPAM: false
operator:
# @schema
# type: [array, string]
@@ -1829,6 +1960,12 @@ ipam:
# refill the bucket up to the burst size capacity.
# @default -- `4.0`
externalAPILimitQPS: ~
+# -- defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when
+# no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none
+# @schema
+# type: [string]
+# @schema
+defaultLBServiceIPAM: lbipam
nodeIPAM:
# -- Configure Node IPAM
# ref: https://docs.cilium.io/en/stable/network/node-ipam/
@@ -2011,6 +2148,10 @@ loadBalancer:
# endpoints filtering
# serviceTopology: false
+ # -- experimental enables support for the experimental load-balancing
+ # control-plane.
+ experimental: false
+
# -- L7 LoadBalancer
l7:
# -- Enable L7 service load balancing via envoy proxy.
@@ -2081,6 +2222,7 @@ pprof:
port: 6060
# -- Configure prometheus metrics on the configured port at /metrics
prometheus:
+ metricsService: false
enabled: false
port: 9962
serviceMonitor:
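Review bot: `metricsService: false` is added under `prometheus:` without a `# --` description, unlike the keys around it, so a reader cannot tell what the switch creates or exposes. Add a one-line description here and on the identical `metricsService: false` added under the operator's `prometheus:` block later in this file.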
@@ -2153,14 +2295,51 @@ envoy:
# Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0'
baseID: 0
log:
- # -- The format string to use for laying out the log message metadata of Envoy.
+ # @schema
+ # type: [null, string]
+ # @schema
+ # -- The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output.
+ # This setting is mutually exclusive with envoy.log.format_json.
format: "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"
+ # @schema
+ # type: [null, object]
+ # @schema
+ # -- The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format.
+ # ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format
+ format_json: null
+ # date: "%Y-%m-%dT%T.%e"
+ # thread_id: "%t"
+ # source_line: "%s:%#"
+ # level: "%l"
+ # logger: "%n"
+ # message: "%j"
# -- Path to a separate Envoy log file, if any. Defaults to /dev/stdout.
path: ""
+ # @schema
+ # oneOf:
+ # - type: [null]
+ # - enum: [trace,debug,info,warning,error,critical,off]
+ # @schema
+ # -- Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled.
+ # This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`.
+ # Possible values: trace, debug, info, warning, error, critical, off
+ # @default -- Defaults to the default log level of the Cilium Agent - `info`
+ defaultLevel: ~
+ # @schema
+ # type: [null, integer]
+ # @schema
+ # -- Size of the Envoy access log buffer created within the agent in bytes.
+ # Tune this value up if you encounter "Envoy: Discarded truncated access log message" errors.
+ # Large request/response header sizes (e.g. 16KiB) will require a larger buffer size.
+ accessLogBufferSize: 4096
# -- Time in seconds after which a TCP connection attempt times out
connectTimeoutSeconds: 2
# -- Time in seconds after which the initial fetch on an xDS stream is considered timed out
initialFetchTimeoutSeconds: 30
+ # -- Maximum number of concurrent retries on Envoy clusters
+ maxConcurrentRetries: 128
+ # -- Maximum number of retries for each HTTP request
+ httpRetryCount: 3
# -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy
maxRequestsPerConnection: 0
# -- Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable)
@@ -2217,6 +2396,15 @@ envoy:
maxUnavailable: 2
# -- Roll out cilium envoy pods automatically when configmap is updated.
rollOutPods: false
+ # -- ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key.
+ # When specified, Envoy will use this ConfigMap instead of the default provided by the chart.
+ # WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to
+ # syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support
+ # cannot be provided for custom Envoy bootstrap configs.
+ # @schema
+ # type: [null, string]
+ # @schema
+ bootstrapConfigMap: ~
# -- Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy)
annotations: {}
# -- Security Context for cilium-envoy pods.
@@ -2404,12 +2592,42 @@ svcSourceRangeCheck: true
synchronizeK8sNodes: true
# -- Configure TLS configuration in the agent.
tls:
+ # @schema
+ # type: [null, string]
+ # @schema
# -- This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies
# (namely the secrets referenced by terminatingTLS and originatingTLS).
+ # This value is DEPRECATED and will be removed in a future version.
+ # Use `tls.readSecretsOnlyFromSecretsNamespace` instead.
# Possible values:
# - local
# - k8s
- secretsBackend: local
+ secretsBackend: ~
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- Configure if the Cilium Agent will only look in `tls.secretsNamespace` for
+ # CiliumNetworkPolicy relevant Secrets.
+ # If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access
+ # to _all_ secrets in the entire cluster. This is not recommended and is
+ # included for backwards compatibility.
+ # This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old
+ # setting, and `false` == `k8s`.
+ readSecretsOnlyFromSecretsNamespace: ~
+ # -- Configures where secrets used in CiliumNetworkPolicies will be looked for
+ secretsNamespace:
+ # -- Create secrets namespace for TLS Interception secrets.
+ create: true
+ # -- Name of TLS Interception secret namespace.
+ name: cilium-secrets
+ # -- Configures settings for synchronization of TLS Interception Secrets
+ secretSync:
+ # @schema
+ # type: [null, boolean]
+ # @schema
+ # -- Enable synchronization of Secrets for TLS Interception. If disabled and
+ # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent.
+ enabled: ~
# -- Base64 encoded PEM values for the CA certificate and private key.
# This can be used as common CA to generate certificates used by hubble and clustermesh components.
# It is neither required nor used when cert-manager is used to generate the certificates.
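Review bot: `secretsBackend` changes from `local` to `~` and the new `readSecretsOnlyFromSecretsNamespace` is also `~`, so the agent's secret-read scope is no longer stated anywhere in this file. The added comment says `false` grants the agent GET/LIST/WATCH on all secrets in the cluster, so set `readSecretsOnlyFromSecretsNamespace: true` explicitly in the cozystack values instead of relying on how the templates resolve two null values.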
@@ -2628,6 +2846,7 @@ operator:
# -- Enable prometheus metrics for cilium-operator on the configured port at
# /metrics
prometheus:
+ metricsService: false
enabled: true
port: 9963
serviceMonitor:
@@ -3034,9 +3253,11 @@ clustermesh:
# NodePort will be redirected to a local backend, regardless of whether the
# destination node belongs to the local or the remote cluster.
nodePort: 32379
- # -- Annotations for the clustermesh-apiserver
- # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal"
- # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # -- Annotations for the clustermesh-apiserver service.
+ # Example annotations to configure an internal load balancer on different cloud providers:
+ # * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+ # * GKE: networking.gke.io/load-balancer-type: "Internal"
annotations: {}
# @schema
# enum: [Local, Cluster]
@@ -3080,6 +3301,10 @@ clustermesh:
# Allows to configure a specific loadBalancerIP on the clustermesh-apiserver
# LB service in case the Service type is set to LoadBalancer.
loadBalancerIP: ~
+ # -- Configure loadBalancerSourceRanges.
+ # Allows to configure the source IP ranges allowed to access the
+ # clustermesh-apiserver LB service in case the Service type is set to LoadBalancer.
+ loadBalancerSourceRanges: []
# -- Number of replicas run for the clustermesh-apiserver deployment.
replicas: 1
# -- lifecycle setting for the apiserver container
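Review bot: `loadBalancerSourceRanges: []` defaults to an empty list, which leaves the clustermesh-apiserver LB service with no source restriction when the Service type is LoadBalancer. Where the service is exposed that way, set the peer clusters' CIDRs in the cozystack values rather than keeping the empty default.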
@@ -3372,7 +3597,7 @@ dnsProxy:
# -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present.
enableDnsCompression: true
# -- Maximum number of IPs to maintain per FQDN name for each endpoint.
- endpointMaxIpPerHostname: 50
+ endpointMaxIpPerHostname: 1000
# -- Time during which idle but previously active connections with expired DNS lookups are still considered alive.
idleConnectionGracePeriod: 0s
# -- Maximum number of IPs to retain for expired DNS lookups with still-active connections.
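Review bot: `endpointMaxIpPerHostname` goes from 50 to 1000, a 20x rise in the IPs kept per FQDN for each endpoint, with no note on the reason or on the resulting state size. Either pin the previous value in the cozystack values or record why the larger limit is acceptable for this platform.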
@@ -3394,6 +3619,8 @@ dnsProxy:
sctp:
# -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming.
enabled: false
+# -- Enable Non-Default-Deny policies
+enableNonDefaultDenyPolicies: true
# Configuration for types of authentication for Cilium (beta)
authentication:
# -- Enable authentication processing and garbage collection.
@@ -3442,6 +3669,8 @@ authentication:
pullPolicy: "${PULL_POLICY}"
# SPIRE agent configuration
agent:
+ # -- The priority class to use for the spire agent
+ priorityClassName: ""
# -- SPIRE agent image
image:
# @schema
@@ -3461,6 +3690,8 @@ authentication:
annotations: {}
# -- SPIRE agent labels
labels: {}
+ # -- container resource limits & requests
+ resources: {}
# -- SPIRE Workload Attestor kubelet verification.
skipKubeletVerification: true
# -- SPIRE agent tolerations configuration
@@ -3493,6 +3724,8 @@ authentication:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
securityContext: {}
server:
+ # -- The priority class to use for the spire server
+ priorityClassName: ""
# -- SPIRE server image
image:
# @schema
@@ -3515,6 +3748,8 @@ authentication:
# -- SPIRE server labels
labels: {}
# SPIRE server service configuration
+ # -- container resource limits & requests
+ resources: {}
service:
# -- Service type for the SPIRE server service
type: ClusterIP
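Review bot: the added `resources: {}` and its `# --` comment are inserted between the existing `# SPIRE server service configuration` comment and `service:`, so that comment now heads `resources` instead of the block it describes. Move the two added lines above the `# SPIRE server service configuration` line.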
@@ -3580,3 +3815,7 @@ authentication:
agentSocketPath: /run/spire/sockets/agent/agent.sock
# -- SPIRE connection timeout
connectionTimeout: 30s
+# -- Enable Internal Traffic Policy
+enableInternalTrafficPolicy: true
+# -- Enable LoadBalancer IP Address Management
+enableLBIPAM: true
diff --git a/packages/system/cilium/images/cilium/Dockerfile b/packages/system/cilium/images/cilium/Dockerfile
index 99975a73..9ea72945 100644
--- a/packages/system/cilium/images/cilium/Dockerfile
+++ b/packages/system/cilium/images/cilium/Dockerfile
@@ -1,2 +1,2 @@
-ARG VERSION=v1.16.6
+ARG VERSION=v1.17.1
FROM quay.io/cilium/cilium:${VERSION}
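Review bot: `FROM quay.io/cilium/cilium:${VERSION}` resolves the upstream base by tag only, so the bump to v1.17.1 is not tied to specific image content. Pin the base as `quay.io/cilium/cilium:${VERSION}@sha256:<digest>` (placeholder); the digest recorded in values.yaml pins only the rebuilt image, not the upstream layer it is built from.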
diff --git a/packages/system/cilium/values-kubeovn.yaml b/packages/system/cilium/values-kubeovn.yaml
index 3fa940bb..3a4e3abc 100644
--- a/packages/system/cilium/values-kubeovn.yaml
+++ b/packages/system/cilium/values-kubeovn.yaml
@@ -1,4 +1,6 @@
cilium:
+ daemon:
+ enableSourceIPVerification: false
sctp:
enabled: true
autoDirectNodeRoutes: false
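Review bot: `enableSourceIPVerification: false` under `daemon:` switches off a check that the chart's values.yaml in this same patch enables by default, and the file carries no comment saying why. Add a comment stating that this is for the kube-ovn chaining setup and which component is expected to reject spoofed pod source addresses instead, so the relaxation is not copied into non-chained configurations.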
diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml
index 70ac5c9f..476fc0b4 100644
--- a/packages/system/cilium/values.yaml
+++ b/packages/system/cilium/values.yaml
@@ -11,8 +11,8 @@ cilium:
ipam:
mode: "kubernetes"
image:
- repository: ghcr.io/aenix-io/cozystack/cilium
- tag: 1.16.6
- digest: "sha256:cf64df62897b071d5a9a005564ecbfb9124aa82a96957e329ce28a187864f113"
+ repository: ghcr.io/cozystack/cozystack/cilium
+ tag: 1.17.1
+ digest: "sha256:bb2ad64dfc01f774b429a96108527740c1f08230cac4b848a4939627dfce7a4a"
envoy:
enabled: false
diff --git a/packages/system/clickhouse-operator/values.yaml b/packages/system/clickhouse-operator/values.yaml
index 287874fc..fc740432 100644
--- a/packages/system/clickhouse-operator/values.yaml
+++ b/packages/system/clickhouse-operator/values.yaml
@@ -1,4 +1,6 @@
altinity-clickhouse-operator:
+ serviceMonitor:
+ enabled: true
configs:
files:
config.yaml:
diff --git a/packages/system/cozy-proxy/Makefile b/packages/system/cozy-proxy/Makefile
index 0b679c2a..8f4f6192 100644
--- a/packages/system/cozy-proxy/Makefile
+++ b/packages/system/cozy-proxy/Makefile
@@ -6,6 +6,6 @@ include ../../../scripts/package.mk
update:
rm -rf charts
- tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/aenix-io/cozy-proxy | awk -F'[/^]' 'END{print $$3}') && \
- curl -sSL https://github.com/aenix-io/cozy-proxy/archive/refs/tags/$${tag}.tar.gz | \
+ tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/cozystack/cozy-proxy | awk -F'[/^]' 'END{print $$3}') && \
+ curl -sSL https://github.com/cozystack/cozy-proxy/archive/refs/tags/$${tag}.tar.gz | \
tar xzvf - --strip 1 cozy-proxy-$${tag#*v}/charts
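Review bot: the `update` target takes whatever tag sorts last in `git ls-remote` and pipes the `curl -sSL` tarball straight into `tar` with no checksum or signature check, and this hunk repoints both commands at a different GitHub organisation. Take the tag as an explicit variable and verify the archive against a recorded SHA-256 before unpacking, so a chart update is reproducible and reviewable.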
diff --git a/packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml b/packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml
index d1654f90..25d00122 100644
--- a/packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml
+++ b/packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
name: cozy-proxy
description: A simple kube-proxy addon for 1:1 NAT services in Kubernetes using an NFT backend
type: application
-version: 0.1.2
-appVersion: 0.1.2
+version: 0.1.3
+appVersion: 0.1.3
diff --git a/packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml b/packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml
index 5816a8f9..df774bfa 100644
--- a/packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml
+++ b/packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml
@@ -25,3 +25,5 @@ spec:
privileged: true
capabilities:
add: ["NET_ADMIN"]
+ tolerations:
+ - operator: Exists
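Review bot: `- operator: Exists` with no key or effect tolerates every taint, so this `privileged: true` / `NET_ADMIN` pod will also be scheduled onto and kept on nodes tainted `NoSchedule` or `NoExecute`, including dedicated and not-ready nodes. If full node coverage is the intent, say so in a comment and expose `tolerations` through values.yaml so operators can narrow it.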
diff --git a/packages/system/cozy-proxy/charts/cozy-proxy/values.yaml b/packages/system/cozy-proxy/charts/cozy-proxy/values.yaml
index 36058ae9..1498cd8d 100644
--- a/packages/system/cozy-proxy/charts/cozy-proxy/values.yaml
+++ b/packages/system/cozy-proxy/charts/cozy-proxy/values.yaml
@@ -1,6 +1,6 @@
image:
- repository: ghcr.io/aenix-io/cozystack/cozy-proxy
- tag: v0.1.2
+ repository: ghcr.io/cozystack/cozystack/cozy-proxy
+ tag: v0.1.4
pullPolicy: IfNotPresent
daemonset:
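Review bot: `tag: v0.1.4` does not match the `appVersion: 0.1.3` that Chart.yaml is bumped to in this same patch, so the chart metadata will misreport what is running. Align the two, and add a `digest:` as the other images in this patch have, since this image is referenced by tag only.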
diff --git a/packages/system/cozystack-api/Makefile b/packages/system/cozystack-api/Makefile
index c4dc8173..053fe329 100644
--- a/packages/system/cozystack-api/Makefile
+++ b/packages/system/cozystack-api/Makefile
@@ -14,6 +14,7 @@ image-cozystack-api:
--cache-to type=inline \
--metadata-file images/cozystack-api.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
IMAGE="$(REGISTRY)/cozystack-api:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/cozystack-api.json -o json -r)" \
yq -i '.cozystackAPI.image = strenv(IMAGE)' values.yaml
diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml
index fab6fd93..52713f02 100644
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
cozystackAPI:
- image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.25.2@sha256:ade847d803ffe9538fc063a8427d7ca87187ac9eb18a584104dfce741be0d0cf
+ image: ghcr.io/cozystack/cozystack/cozystack-api:v0.28.0@sha256:718d6fbbb9806e3704c42b48ab28547da0618539761c5b2fa8740043966d7073
diff --git a/packages/system/cozystack-controller/Makefile b/packages/system/cozystack-controller/Makefile
index 22bc1fef..a1db9b0a 100644
--- a/packages/system/cozystack-controller/Makefile
+++ b/packages/system/cozystack-controller/Makefile
@@ -14,6 +14,7 @@ image-cozystack-controller:
--cache-to type=inline \
--metadata-file images/cozystack-controller.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
IMAGE="$(REGISTRY)/cozystack-controller:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/cozystack-controller.json -o json -r)" \
yq -i '.cozystackController.image = strenv(IMAGE)' values.yaml
diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml
index 6be8cbe9..50fa7bc9 100644
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
cozystackController:
- image: ghcr.io/aenix-io/cozystack/cozystack-controller:v0.25.2@sha256:310df1af9d6feb1604b56eab57ee43c82b080f9103d229b3f1cebf9525a04501
+ image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.28.0@sha256:6f6d356c4efcbb4faa1e636d3bda129626773894ce0c4d55a80a552ab9dbd06a
debug: false
disableTelemetry: false
- cozystackVersion: "v0.25.2"
+ cozystackVersion: "v0.28.0"
diff --git a/packages/system/dashboard/Makefile b/packages/system/dashboard/Makefile
index b385c9bd..c0267da1 100644
--- a/packages/system/dashboard/Makefile
+++ b/packages/system/dashboard/Makefile
@@ -33,6 +33,7 @@ image-dashboard: update-version
--cache-to type=inline \
--metadata-file images/dashboard.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
REGISTRY="$(REGISTRY)" \
yq -i '.kubeapps.dashboard.image.registry = strenv(REGISTRY)' values.yaml
@@ -52,6 +53,7 @@ image-kubeapps-apis: update-version
--cache-to type=inline \
--metadata-file images/kubeapps-apis.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
REGISTRY="$(REGISTRY)" \
yq -i '.kubeapps.kubeappsapis.image.registry = strenv(REGISTRY)' values.yaml
diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
index a9cd6f06..b1de4aea 100644
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
"kubeappsNamespace": {{ .Release.Namespace | quote }},
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
- "appVersion": "v0.25.2",
+ "appVersion": "v0.28.0",
"authProxyEnabled": {{ .Values.authProxy.enabled }},
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
diff --git a/packages/system/dashboard/images/dashboard/Dockerfile b/packages/system/dashboard/images/dashboard/Dockerfile
index d474872e..60c6fda0 100644
--- a/packages/system/dashboard/images/dashboard/Dockerfile
+++ b/packages/system/dashboard/images/dashboard/Dockerfile
@@ -2,7 +2,7 @@ FROM bitnami/node:20.15.1 AS build
WORKDIR /app
ARG COMMIT_REF=190ea544aeb0be74bb6d1aa4bb474910559e7ecd
-RUN wget -O- https://github.com/aenix-io/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
+RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
RUN yarn install --frozen-lockfile
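Review bot: the download URL moves to `github.com/cozystack/kubeapps` while `COMMIT_REF` stays at `190ea544aeb0be74bb6d1aa4bb474910559e7ecd`. Confirm that this commit exists in the new repository, and record a checksum for the archive so the build does not depend solely on the hosting side returning the same content.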
diff --git a/packages/system/dashboard/images/kubeapps-apis/Dockerfile b/packages/system/dashboard/images/kubeapps-apis/Dockerfile
index 8d9f5041..05add84b 100644
--- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile
+++ b/packages/system/dashboard/images/kubeapps-apis/Dockerfile
@@ -7,7 +7,7 @@ FROM alpine as source
ARG COMMIT_REF=dd02680d796c962b8dcc4e5ea70960a846c1acdc
RUN apk add --no-cache patch
WORKDIR /source
-RUN wget -O- https://github.com/aenix-io/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
+RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
FROM bitnami/golang:1.23.4 AS builder
WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
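Review bot: this Dockerfile pins `COMMIT_REF=dd02680d796c962b8dcc4e5ea70960a846c1acdc` while the dashboard Dockerfile in the same patch pins `190ea544aeb0be74bb6d1aa4bb474910559e7ecd`, so the two images are built from different commits of the same repository. If that is intended, add a comment saying so; otherwise use a single ref. The `FROM alpine as source` stage named in the hunk header is also untagged.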
diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml
index c1252dc5..2b02cf89 100644
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -15,39 +15,17 @@ kubeapps:
flux:
enabled: true
dashboard:
- customStyle: |
- #serviceaccount-selector {
- display: none;
- }
- .login-moreinfo {
- display: none;
- }
- a[href="#/docs"] {
- display: none;
- }
- .login-group .clr-form-control .clr-control-label {
- display: none;
- }
- .appview-separator div.appview-first-row div.center {
- display: none;
- }
- .appview-separator div.appview-first-row section[aria-labelledby="app-secrets"] {
- display: none;
- }
- .appview-first-row section[aria-labelledby="access-urls-title"] {
- width: 100%;
- }
image:
- registry: ghcr.io/aenix-io/cozystack
+ registry: ghcr.io/cozystack/cozystack
repository: dashboard
- tag: v0.25.2
- digest: "sha256:4a5dab471c358f826920693591d153dacb81ff7d499daa19edd1f74109f12224"
+ tag: v0.28.0
+ digest: "sha256:ebef6a0c4b0c9f0857fc82699abcaa7a135d18b5dafe129febc0bf90707f2f48"
kubeappsapis:
image:
- registry: ghcr.io/aenix-io/cozystack
+ registry: ghcr.io/cozystack/cozystack
repository: kubeapps-apis
- tag: v0.25.2
- digest: "sha256:69e16490aff84e9084748011b7ae212679b8916cb882032436df450202aea37b"
+ tag: v0.28.0
+ digest: "sha256:281093b1e80221074188fdfea97775494de1cdef16974ee1f3c3d47b313eee0e"
pluginConfig:
flux:
packages:
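Review bot: the removed `customStyle` block hid `#serviceaccount-selector`, `.login-moreinfo` and the `app-secrets` section, and nothing in this hunk replaces it. Confirm that the rebuilt v0.28.0 dashboard image hides these itself; otherwise the secrets panel and the service-account selector become visible to dashboard users after the upgrade.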
diff --git a/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml b/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml
index a68aca7b..4aed3756 100644
--- a/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml
+++ b/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: v0.4.0
+appVersion: v0.4.1
name: etcd-operator
type: application
-version: 0.4.0
+version: 0.4.1
diff --git a/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml b/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml
index 534e00ad..825c726c 100644
--- a/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml
+++ b/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml
@@ -73,6 +73,7 @@ rules:
verbs:
- get
- list
+ - watch
- apiGroups:
- etcd.aenix.io
resources:
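Review bot: the added `- watch` verb belongs to a rule whose `apiGroups` and `resources` lie above the hunk context, so the diff alone does not show what the operator can now watch through this ClusterRole. Please name the resource in the commit message or the 0.4.1 changelog, and check whether a namespaced Role would be enough for it.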
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml b/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml
index 91136201..a88cbb77 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml
@@ -8,7 +8,7 @@ annotations:
- name: Upstream Project
url: https://github.com/controlplaneio-fluxcd/flux-operator
apiVersion: v2
-appVersion: v0.13.0
+appVersion: v0.17.0
description: 'A Helm chart for deploying the Flux Operator. '
home: https://github.com/controlplaneio-fluxcd
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
@@ -25,4 +25,4 @@ sources:
- https://github.com/controlplaneio-fluxcd/flux-operator
- https://github.com/controlplaneio-fluxcd/charts
type: application
-version: 0.13.0
+version: 0.17.0
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/README.md b/packages/system/fluxcd-operator/charts/flux-operator/README.md
index 951521ed..838dfe1e 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/README.md
+++ b/packages/system/fluxcd-operator/charts/flux-operator/README.md
@@ -1,6 +1,6 @@
# flux-operator
-  
+  
The [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator) provides a
declarative API for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the
@@ -39,14 +39,17 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/)
| extraEnvs | list | `[]` | Container extra environment variables. |
| fullnameOverride | string | `""` | |
| hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. |
-| image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. |
+| image | object | `{"imagePullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. |
| installCRDs | bool | `true` | Install and upgrade the custom resource definitions. |
| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. |
| logLevel | string | `"info"` | Container logging level flag. |
| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. |
+| multitenancy | object | `{"defaultServiceAccount":"flux-operator","enabled":false}` | Enable [multitenancy lockdown](https://fluxcd.control-plane.io/operator/resourceset/#role-based-access-control) for the ResourceSet APIs. |
| nameOverride | string | `""` | |
| podSecurityContext | object | `{}` | Pod security context settings. |
| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. |
+| rbac.create | bool | `true` | Grant the cluster-admin role to the flux-operator service account (required for the Flux Instance deployment). |
+| rbac.createAggregation | bool | `true` | Grant the Kubernetes view, edit and admin roles access to ResourceSet APIs. |
| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. |
| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. |
| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. |
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/admin-clusterrole.yaml
similarity index 93%
rename from packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml
rename to packages/system/fluxcd-operator/charts/flux-operator/templates/admin-clusterrole.yaml
index 6a09fa77..ae7382df 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/admin-clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -19,3 +20,4 @@ subjects:
- kind: ServiceAccount
name: {{ include "flux-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
+{{- end }}
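Review bot: with `rbac.create` defaulting to `true`, the ClusterRoleBinding wrapped here still gives the operator service account cluster-admin (per the README row added in this change), and setting it to `false` removes the only binding this template creates without offering a narrower one. Please document what an installer has to supply when they turn it off. The file is also now named `admin-clusterrole.yaml` while its first object is a `ClusterRoleBinding`; a name such as `admin-clusterrolebinding.yaml` would match the content.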
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/aggregate-clusterrole.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/aggregate-clusterrole.yaml
new file mode 100644
index 00000000..86e9ba3f
--- /dev/null
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/aggregate-clusterrole.yaml
@@ -0,0 +1,56 @@
+{{- if .Values.rbac.createAggregation }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "flux-operator.fullname" . }}-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - fluxcd.controlplane.io
+ resources:
+ - resourcesets
+ - resourcesetinputproviders
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "flux-operator.fullname" . }}-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - fluxcd.controlplane.io
+ resources:
+ - resourcesets
+ - resourcesetinputproviders
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
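Review bot: the `-edit` ClusterRole carries both `aggregate-to-edit` and `aggregate-to-admin`, so every subject bound to the built-in `edit` role gains `create`, `patch`, `update` and `delete` on `resourcesets` as soon as the chart is installed, because `rbac.createAggregation` defaults to `true`. In the same change `multitenancy.enabled` defaults to `false`, so the operator is not started with `--default-service-account`, and the ResourceSet spec lets the author pick `serviceAccountName`. Please confirm this combination is intended for tenant namespaces, or set `rbac.createAggregation: false` (or enable multitenancy) in the package values.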
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml
index 804c421b..acdfed24 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml
@@ -142,6 +142,11 @@ spec:
e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'.
pattern: ^oci://.*$
type: string
+ artifactPullSecret:
+ description: |-
+ ArtifactPullSecret is the name of the Kubernetes secret
+ to use for pulling the Kubernetes manifests for the distribution specified in the Artifact field.
+ type: string
imagePullSecret:
description: |-
ImagePullSecret is the name of the Kubernetes secret
@@ -296,6 +301,19 @@ spec:
Path is the path to the source directory containing
the kustomize overlay or plain Kubernetes manifests.
type: string
+ provider:
+ description: |-
+ Provider specifies OIDC provider for source authentication.
+ For OCIRepository and Bucket the provider can be set to 'aws', 'azure' or 'gcp'.
+ for GitRepository the accepted value can be set to 'azure' or 'github'.
+ To disable OIDC authentication the provider can be set to 'generic' or left empty.
+ enum:
+ - generic
+ - aws
+ - azure
+ - gcp
+ - github
+ type: string
pullSecret:
description: |-
PullSecret specifies the Kubernetes Secret containing the
@@ -734,4 +752,513 @@ spec:
storage: true
subresources:
status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ .Chart.Name }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ name: resourcesetinputproviders.fluxcd.controlplane.io
+spec:
+ group: fluxcd.controlplane.io
+ names:
+ kind: ResourceSetInputProvider
+ listKind: ResourceSetInputProviderList
+ plural: resourcesetinputproviders
+ shortNames:
+ - rsip
+ singular: resourcesetinputprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ResourceSetInputProvider is the Schema for the ResourceSetInputProviders
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ResourceSetInputProviderSpec defines the desired state of
+ ResourceSetInputProvider
+ properties:
+ certSecretRef:
+ description: |-
+ CertSecretRef specifies the Kubernetes Secret containing either or both of
+
+ - a PEM-encoded CA certificate (`ca.crt`)
+ - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`)
+
+ When connecting to a Git provider that uses self-signed certificates, the CA certificate
+ must be set in the Secret under the 'ca.crt' key to establish the trust relationship.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ defaultValues:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ DefaultValues contains the default values for the inputs.
+ These values are used to populate the inputs when the provider
+ response does not contain them.
+ type: object
+ filter:
+ description: Filter defines the filter to apply to the input provider
+ response.
+ properties:
+ excludeBranch:
+ description: |-
+ ExcludeBranch specifies the regular expression to filter the branches
+ that the input provider should exclude.
+ type: string
+ includeBranch:
+ description: |-
+ IncludeBranch specifies the regular expression to filter the branches
+ that the input provider should include.
+ type: string
+ labels:
+ description: Labels specifies the list of labels to filter the
+ input provider response.
+ items:
+ type: string
+ type: array
+ limit:
+ description: |-
+ Limit specifies the maximum number of input sets to return.
+ When not set, the default limit is 100.
+ type: integer
+ type: object
+ secretRef:
+ description: |-
+ SecretRef specifies the Kubernetes Secret containing the basic-auth credentials
+ to access the input provider. The secret must contain the keys
+ 'username' and 'password'.
+ When connecting to a Git provider, the password should be a personal access token
+ that grants read-only access to the repository.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ type:
+ description: Type specifies the type of the input provider.
+ enum:
+ - GitHubBranch
+ - GitHubPullRequest
+ - GitLabBranch
+ - GitLabMergeRequest
+ type: string
+ url:
+ description: |-
+ URL specifies the HTTP/S address of the input provider API.
+ When connecting to a Git provider, the URL should point to the repository address.
+ pattern: ^(http|https)://.*$
+ type: string
+ required:
+ - type
+ - url
+ type: object
+ status:
+ description: ResourceSetInputProviderStatus defines the observed state
+ of ResourceSetInputProvider.
+ properties:
+ conditions:
+ description: Conditions contains the readiness conditions of the object.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ exportedInputs:
+ description: ExportedInputs contains the list of inputs exported by
+ the provider.
+ items:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: ResourceSetInput defines the key-value pairs of the
+ ResourceSet input.
+ type: object
+ type: array
+ lastExportedRevision:
+ description: |-
+ LastExportedRevision is the digest of the
+ inputs that were last reconcile.
+ type: string
+ lastHandledReconcileAt:
+ description: |-
+ LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value
+ can be detected.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ .Chart.Name }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ name: resourcesets.fluxcd.controlplane.io
+spec:
+ group: fluxcd.controlplane.io
+ names:
+ kind: ResourceSet
+ listKind: ResourceSetList
+ plural: resourcesets
+ shortNames:
+ - rset
+ singular: resourceset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ResourceSet is the Schema for the ResourceSets API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ResourceSetSpec defines the desired state of ResourceSet
+ properties:
+ commonMetadata:
+ description: |-
+ CommonMetadata specifies the common labels and annotations that are
+ applied to all resources. Any existing label or annotation will be
+ overridden if its key matches a common one.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to the object's metadata.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to the object's metadata.
+ type: object
+ type: object
+ dependsOn:
+ description: |-
+ DependsOn specifies the list of Kubernetes resources that must
+ exist on the cluster before the reconciliation process starts.
+ items:
+ description: Dependency defines a ResourceSet dependency on a Kubernetes
+ resource.
+ properties:
+ apiVersion:
+ description: APIVersion of the resource to depend on.
+ type: string
+ kind:
+ description: Kind of the resource to depend on.
+ type: string
+ name:
+ description: Name of the resource to depend on.
+ type: string
+ namespace:
+ description: Namespace of the resource to depend on.
+ type: string
+ ready:
+ description: Ready checks if the resource Ready status condition
+ is true.
+ type: boolean
+ readyExpr:
+ description: |-
+ ReadyExpr checks if the resource satisfies the given CEL expression.
+ The expression replaces the default readiness check and
+ is only evaluated if Ready is set to 'true'.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ type: array
+ inputs:
+ description: Inputs contains the list of ResourceSet inputs.
+ items:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: ResourceSetInput defines the key-value pairs of the
+ ResourceSet input.
+ type: object
+ type: array
+ inputsFrom:
+ description: |-
+ InputsFrom contains the list of references to input providers.
+ When set, the inputs are fetched from the providers and concatenated
+ with the in-line inputs defined in the ResourceSet.
+ items:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion of the input provider resource.
+ When not set, the APIVersion of the ResourceSet is used.
+ type: string
+ kind:
+ description: Kind of the input provider resource.
+ enum:
+ - ResourceSetInputProvider
+ type: string
+ name:
+ description: Name of the input provider resource.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ resources:
+ description: Resources contains the list of Kubernetes resources to
+ reconcile.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ resourcesTemplate:
+ description: |-
+ ResourcesTemplate is a Go template that generates the list of
+ Kubernetes resources to reconcile. The template is rendered
+ as multi-document YAML, the resources should be separated by '---'.
+ When both Resources and ResourcesTemplate are set, the resulting
+ objects are merged and deduplicated, with the ones from Resources taking precedence.
+ type: string
+ serviceAccountName:
+ description: |-
+ The name of the Kubernetes service account to impersonate
+ when reconciling the generated resources.
+ type: string
+ wait:
+ description: |-
+ Wait instructs the controller to check the health
+ of all the reconciled resources.
+ type: boolean
+ type: object
+ status:
+ description: ResourceSetStatus defines the observed state of ResourceSet.
+ properties:
+ conditions:
+ description: Conditions contains the readiness conditions of the object.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ inventory:
+ description: |-
+ Inventory contains a list of Kubernetes resource object references
+ last applied on the cluster.
+ properties:
+ entries:
+ description: Entries of Kubernetes resource object references.
+ items:
+ description: ResourceRef contains the information necessary
+ to locate a resource within a cluster.
+ properties:
+ id:
+ description: |-
+ ID is the string representation of the Kubernetes resource object's metadata,
+ in the format '___'.
+ type: string
+ v:
+ description: Version is the API version of the Kubernetes
+ resource object's kind.
+ type: string
+ required:
+ - id
+ - v
+ type: object
+ type: array
+ required:
+ - entries
+ type: object
+ lastAppliedRevision:
+ description: |-
+ LastAppliedRevision is the digest of the
+ generated resources that were last reconcile.
+ type: string
+ lastHandledReconcileAt:
+ description: |-
+ LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value
+ can be detected.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
{{- end }}
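Review bot: in the new ResourceSetInputProvider CRD, `spec.url` accepts `^(http|https)://.*$` while `spec.secretRef` supplies basic-auth `username` and `password`, so nothing in the schema stops credentials from being used against a cleartext `http://` endpoint. The CRD is generated upstream, so rather than editing it here, consider an admission policy that rejects `http://` URLs when `secretRef` is set, and raise the pattern with the upstream project. Both new CRDs also carry `helm.sh/resource-policy: keep`, so they remain in the cluster after the chart is removed; worth a line in the upgrade notes.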
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml
index dbda7888..1fe17f4f 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml
@@ -50,6 +50,9 @@ spec:
- name: manager
args:
- --log-level={{ .Values.logLevel }}
+ {{- if .Values.multitenancy.enabled }}
+ - --default-service-account={{ .Values.multitenancy.defaultServiceAccount }}
+ {{- end }}
{{- range .Values.extraArgs }}
- {{ . }}
{{- end }}
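Review bot: the `--default-service-account` argument is rendered from `multitenancy.defaultServiceAccount` without checking that it is non-empty. The schema in this change marks the key as required but only as `"type": "string"`, so `enabled: true` with `defaultServiceAccount: ""` passes validation and renders `--default-service-account=`. Add `minLength: 1` to the schema or wrap the value in `required` in the template so the lockdown cannot be switched on with an empty account name.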
@@ -77,7 +80,7 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: IfNotPresent
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
ports:
- name: http-metrics
containerPort: 8080
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json b/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json
index 09a28d0c..326bedfe 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json
+++ b/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json
@@ -94,6 +94,14 @@
},
"image": {
"properties": {
+ "imagePullPolicy": {
+ "enum": [
+ "IfNotPresent",
+ "Always",
+ "Never"
+ ],
+ "type": "string"
+ },
"pullSecrets": {
"items": {
"type": "object"
@@ -169,6 +177,20 @@
},
"type": "object"
},
+ "multitenancy": {
+ "properties": {
+ "defaultServiceAccount": {
+ "type": "string"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "defaultServiceAccount"
+ ],
+ "type": "object"
+ },
"nameOverride": {
"type": "string"
},
@@ -183,6 +205,17 @@
"default": "system-cluster-critical",
"type": "string"
},
+ "rbac": {
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "createAggregation": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
"readinessProbe": {
"default": {
"httpGet": {
diff --git a/packages/system/fluxcd-operator/charts/flux-operator/values.yaml b/packages/system/fluxcd-operator/charts/flux-operator/values.yaml
index 46ec9ac1..b91a25fd 100644
--- a/packages/system/fluxcd-operator/charts/flux-operator/values.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/values.yaml
@@ -3,6 +3,11 @@
nameOverride: ""
fullnameOverride: ""
+# -- Enable [multitenancy lockdown](https://fluxcd.control-plane.io/operator/resourceset/#role-based-access-control) for the ResourceSet APIs.
+multitenancy:
+ enabled: false
+ defaultServiceAccount: "flux-operator" # @schema required: true
+
# -- Install and upgrade the custom resource definitions.
installCRDs: true # @schema default: true
@@ -18,6 +23,7 @@ image:
repository: ghcr.io/controlplaneio-fluxcd/flux-operator # @schema required: true
tag: ""
pullSecrets: [ ] # @schema item: object ; uniqueItems: true
+ imagePullPolicy: IfNotPresent # @schema enum:[IfNotPresent, Always, Never]
# -- Pod priority class name.
# Recommended value is system-cluster-critical.
@@ -55,6 +61,12 @@ serviceAccount: # @schema default: {"create":true,"automount":true,"name":""}
automount: true
name: ""
+rbac:
+ # -- Grant the cluster-admin role to the flux-operator service account (required for the Flux Instance deployment).
+ create: true
+ # -- Grant the Kubernetes view, edit and admin roles access to ResourceSet APIs.
+ createAggregation: true
+
# -- Pod security context settings.
podSecurityContext: { } # @schema default: {"fsGroup":1337}
diff --git a/packages/system/fluxcd/charts/flux-instance/Chart.yaml b/packages/system/fluxcd/charts/flux-instance/Chart.yaml
index 92a87be7..46970bd7 100644
--- a/packages/system/fluxcd/charts/flux-instance/Chart.yaml
+++ b/packages/system/fluxcd/charts/flux-instance/Chart.yaml
@@ -8,7 +8,7 @@ annotations:
- name: Upstream Project
url: https://github.com/controlplaneio-fluxcd/flux-operator
apiVersion: v2
-appVersion: v0.13.0
+appVersion: v0.17.0
description: 'A Helm chart for deploying a Flux instance managed by Flux Operator. '
home: https://github.com/controlplaneio-fluxcd
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
@@ -25,4 +25,4 @@ sources:
- https://github.com/controlplaneio-fluxcd/flux-operator
- https://github.com/controlplaneio-fluxcd/charts
type: application
-version: 0.13.0
+version: 0.17.0
diff --git a/packages/system/fluxcd/charts/flux-instance/README.md b/packages/system/fluxcd/charts/flux-instance/README.md
index a25e1994..d2f2f291 100644
--- a/packages/system/fluxcd/charts/flux-instance/README.md
+++ b/packages/system/fluxcd/charts/flux-instance/README.md
@@ -1,6 +1,6 @@
# flux-instance
-  
+  
This chart is a thin wrapper around the `FluxInstance` custom resource, which is
used by the [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator)
@@ -40,11 +40,11 @@ helm -n flux-system uninstall flux
| instance.cluster | object | `{"domain":"cluster.local","multitenant":false,"networkPolicy":true,"tenantDefaultServiceAccount":"default","type":"kubernetes"}` | Cluster https://fluxcd.control-plane.io/operator/fluxinstance/#cluster-configuration |
| instance.commonMetadata | object | `{"annotations":{},"labels":{}}` | Common metadata https://fluxcd.control-plane.io/operator/fluxinstance/#common-metadata |
| instance.components | list | `["source-controller","kustomize-controller","helm-controller","notification-controller"]` | Components https://fluxcd.control-plane.io/operator/fluxinstance/#components-configuration |
-| instance.distribution | object | `{"artifact":"oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest","imagePullSecret":"","registry":"ghcr.io/fluxcd","version":"2.x"}` | Distribution https://fluxcd.control-plane.io/operator/fluxinstance/#distribution-configuration |
+| instance.distribution | object | `{"artifact":"oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest","artifactPullSecret":"","imagePullSecret":"","registry":"ghcr.io/fluxcd","version":"2.x"}` | Distribution https://fluxcd.control-plane.io/operator/fluxinstance/#distribution-configuration |
| instance.kustomize.patches | list | `[]` | Kustomize patches https://fluxcd.control-plane.io/operator/fluxinstance/#kustomize-patches |
| instance.sharding | object | `{"key":"sharding.fluxcd.io/key","shards":[]}` | Sharding https://fluxcd.control-plane.io/operator/fluxinstance/#sharding-configuration |
| instance.storage | object | `{"class":"","size":""}` | Storage https://fluxcd.control-plane.io/operator/fluxinstance/#storage-configuration |
-| instance.sync | object | `{"kind":"GitRepository","name":"","path":"","pullSecret":"","ref":"","url":""}` | Sync https://fluxcd.control-plane.io/operator/fluxinstance/#sync-configuration |
+| instance.sync | object | `{"interval":"1m","kind":"GitRepository","name":"","path":"","provider":"","pullSecret":"","ref":"","url":""}` | Sync https://fluxcd.control-plane.io/operator/fluxinstance/#sync-configuration |
| nameOverride | string | `""` | |
## Source Code
diff --git a/packages/system/fluxcd/charts/flux-instance/templates/instance.yaml b/packages/system/fluxcd/charts/flux-instance/templates/instance.yaml
index a9ac1368..418b21c2 100644
--- a/packages/system/fluxcd/charts/flux-instance/templates/instance.yaml
+++ b/packages/system/fluxcd/charts/flux-instance/templates/instance.yaml
@@ -17,6 +17,9 @@ spec:
version: {{ .Values.instance.distribution.version }}
registry: {{ .Values.instance.distribution.registry }}
artifact: {{ .Values.instance.distribution.artifact }}
+ {{- if .Values.instance.distribution.artifactPullSecret }}
+ artifactPullSecret: {{ .Values.instance.distribution.artifactPullSecret }}
+ {{- end }}
{{- if .Values.instance.distribution.imagePullSecret }}
imagePullSecret: {{ .Values.instance.distribution.imagePullSecret }}
{{- end }}
@@ -37,12 +40,16 @@ spec:
{{- if .Values.instance.sync.url }}
sync:
kind: {{ .Values.instance.sync.kind }}
+ interval: {{ .Values.instance.sync.interval }}
url: {{ .Values.instance.sync.url }}
ref: {{ .Values.instance.sync.ref }}
path: {{ .Values.instance.sync.path }}
{{- if .Values.instance.sync.name }}
name: {{ .Values.instance.sync.name }}
{{- end }}
+ {{- if .Values.instance.sync.provider }}
+ provider: {{ .Values.instance.sync.provider }}
+ {{- end }}
{{- if .Values.instance.sync.pullSecret }}
pullSecret: {{ .Values.instance.sync.pullSecret }}
{{- end }}
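Review bot: `interval: {{ .Values.instance.sync.interval }}` is rendered unconditionally inside the `sync` block, while `provider`, `name` and `pullSecret` are each wrapped in an `if`. A values override that sets `instance.sync.url` but blanks `interval` would render `interval:` with a null value. Either guard it like the optional fields or mark it required in values.schema.json, where it is currently only `"type": "string"`.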
diff --git a/packages/system/fluxcd/charts/flux-instance/values.schema.json b/packages/system/fluxcd/charts/flux-instance/values.schema.json
index 69375586..cf07b60f 100644
--- a/packages/system/fluxcd/charts/flux-instance/values.schema.json
+++ b/packages/system/fluxcd/charts/flux-instance/values.schema.json
@@ -74,6 +74,9 @@
"artifact": {
"type": "string"
},
+ "artifactPullSecret": {
+ "type": "string"
+ },
"imagePullSecret": {
"type": "string"
},
@@ -128,6 +131,9 @@
},
"sync": {
"properties": {
+ "interval": {
+ "type": "string"
+ },
"kind": {
"enum": [
"GitRepository",
@@ -142,6 +148,9 @@
"path": {
"type": "string"
},
+ "provider": {
+ "type": "string"
+ },
"pullSecret": {
"type": "string"
},
diff --git a/packages/system/fluxcd/charts/flux-instance/values.yaml b/packages/system/fluxcd/charts/flux-instance/values.yaml
index 69108c34..5b324b04 100644
--- a/packages/system/fluxcd/charts/flux-instance/values.yaml
+++ b/packages/system/fluxcd/charts/flux-instance/values.yaml
@@ -9,6 +9,7 @@ instance:
version: "2.x" # @schema required: true
registry: "ghcr.io/fluxcd" # @schema required: true
artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest"
+ artifactPullSecret: ""
imagePullSecret: ""
# -- Components https://fluxcd.control-plane.io/operator/fluxinstance/#components-configuration
components: # @schema item: string; uniqueItems: true; itemEnum: [source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller]
@@ -37,12 +38,14 @@ instance:
shards: [] # @schema item: string
# -- Sync https://fluxcd.control-plane.io/operator/fluxinstance/#sync-configuration
sync: # @schema required: false
+ interval: 1m
kind: "GitRepository" # @schema enum:[GitRepository,OCIRepository,Bucket]
url: ""
ref: ""
path: ""
pullSecret: ""
name: ""
+ provider: ""
kustomize: # @schema required: false
# -- Kustomize patches https://fluxcd.control-plane.io/operator/fluxinstance/#kustomize-patches
patches: [] # @schema item: object
diff --git a/packages/system/fluxcd/values.yaml b/packages/system/fluxcd/values.yaml
index 2d0580d0..6318ebee 100644
--- a/packages/system/fluxcd/values.yaml
+++ b/packages/system/fluxcd/values.yaml
@@ -4,7 +4,7 @@ flux-instance:
networkPolicy: true
domain: cozy.local # -- default value is overriden in patches
distribution:
- version: 2.4.x
+ version: 2.5.x
registry: ghcr.io/fluxcd
components:
- source-controller
diff --git a/packages/system/goldpinger/Chart.yaml b/packages/system/goldpinger/Chart.yaml
new file mode 100644
index 00000000..db7c25e3
--- /dev/null
+++ b/packages/system/goldpinger/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-goldpinger
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/system/goldpinger/Makefile b/packages/system/goldpinger/Makefile
new file mode 100644
index 00000000..3ddd79ba
--- /dev/null
+++ b/packages/system/goldpinger/Makefile
@@ -0,0 +1,7 @@
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ helm repo add goldpinger https://bloomberg.github.io/goldpinger
+ helm repo update goldpinger
+ helm pull goldpinger/goldpinger --untar --untardir charts
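Review bot: the `update` target's `helm pull goldpinger/goldpinger --untar --untardir charts` has no `--version`, so after `rm -rf charts` the vendored tree becomes whatever the repository serves as latest on the day someone runs `make update`. Pin the chart version (this patch vendors 1.0.1) so that updates are deliberate and the resulting diff can be reviewed against a known upstream release. If upstream publishes provenance files, `--verify` could be added as well; whether it does is not visible here.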
diff --git a/packages/system/goldpinger/charts/goldpinger/.helmignore b/packages/system/goldpinger/charts/goldpinger/.helmignore
new file mode 100644
index 00000000..825c0077
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
diff --git a/packages/system/goldpinger/charts/goldpinger/Chart.yaml b/packages/system/goldpinger/charts/goldpinger/Chart.yaml
new file mode 100644
index 00000000..932c0425
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: 3.10.2
+description: Goldpinger is a tool to help debug, troubleshoot and visualize network
+ connectivity and slowness issues.
+home: https://github.com/bloomberg/goldpinger
+name: goldpinger
+sources:
+- https://github.com/bloomberg/goldpinger
+version: 1.0.1
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/_helpers.tpl b/packages/system/goldpinger/charts/goldpinger/templates/_helpers.tpl
new file mode 100644
index 00000000..c9a0eb67
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "goldpinger.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "goldpinger.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "goldpinger.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "goldpinger.labels" -}}
+helm.sh/chart: {{ include "goldpinger.chart" . }}
+{{ include "goldpinger.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "goldpinger.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "goldpinger.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "goldpinger.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "goldpinger.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/clusterrole.yaml b/packages/system/goldpinger/charts/goldpinger/templates/clusterrole.yaml
new file mode 100644
index 00000000..8404c648
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/clusterrole.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.rbac.create .Values.rbac.clusterscoped }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "goldpinger.fullname" . }}-clusterrole
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list"]
+{{- end }}
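Review bot: with the chart default `rbac.clusterscoped: true`, which the wrapper values.yaml in this patch does not override, this ClusterRole lets the goldpinger service account `list` pods in every namespace. The DaemonSet's `LABEL_SELECTOR` only targets this chart's own `app.kubernetes.io/name` pods, which all run in the release namespace, so it is worth checking whether `rbac.clusterscoped: false` (the namespaced Role in role.yaml) is enough for this deployment. Cluster-wide pod listing hands every pod spec to a DaemonSet that serves HTTP on every node.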
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/clusterrolebinding.yaml b/packages/system/goldpinger/charts/goldpinger/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..3ba52c35
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.rbac.clusterscoped }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "goldpinger.fullname" . }}-clusterrolebinding
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "goldpinger.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "goldpinger.fullname" . }}-clusterrole
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/configmap.yaml b/packages/system/goldpinger/charts/goldpinger/templates/configmap.yaml
new file mode 100644
index 00000000..a0a618b7
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "goldpinger.fullname" . }}-zap
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+data:
+ zap.json: {{ .Values.goldpinger.zapConfig | toJson }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/daemonset.yaml b/packages/system/goldpinger/charts/goldpinger/templates/daemonset.yaml
new file mode 100644
index 00000000..54034a64
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/daemonset.yaml
@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "goldpinger.fullname" . }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "goldpinger.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "goldpinger.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ priorityClassName: {{ .Values.priorityClassName }}
+ serviceAccountName: {{ include "goldpinger.serviceAccountName" . }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: goldpinger-daemon
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: zap
+ mountPath: /config
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: HOST
+ value: "0.0.0.0"
+ - name: PORT
+ value: "{{ .Values.goldpinger.port }}"
+ - name: LABEL_SELECTOR
+ value: "app.kubernetes.io/name={{ include "goldpinger.name" . }}"
+ {{- if .Values.extraEnv -}}
+ {{ toYaml .Values.extraEnv | nindent 12 }}
+ {{- end }}
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.goldpinger.port }}
+ protocol: TCP
+ {{- range $k := .Values.extraEnv }}
+ {{- if and (eq $k.name "USE_HOST_IP") (eq $k.value "true") }}
+ hostPort: {{ $.Values.goldpinger.port }}
+ {{- end }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: zap
+ configMap:
+ name: {{ include "goldpinger.fullname" . }}-zap
+ {{- range $k := .Values.extraEnv }}
+ {{- if and (eq $k.name "USE_HOST_IP") (eq $k.value "true") }}
+ hostNetwork: true
+ {{- end }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
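Review bot: `hostNetwork: true` and `hostPort` are switched on as a side effect of an `extraEnv` entry (`USE_HOST_IP` set to `"true"`) rather than by an explicit value, while the container binds `HOST` to `0.0.0.0`. Setting that one env var opens the goldpinger port on the addresses of every node, and none of the templates added in this patch is a NetworkPolicy. An explicit `hostNetwork` value would make that exposure visible when values are reviewed. Separately, `priorityClassName: {{ .Values.priorityClassName }}` renders an empty key when the value is left blank, as it is in values.yaml; wrap it in `with`.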
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/ingress.yaml b/packages/system/goldpinger/charts/goldpinger/templates/ingress.yaml
new file mode 100644
index 00000000..899b2c5f
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "goldpinger.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/prometheusrule.yaml b/packages/system/goldpinger/charts/goldpinger/templates/prometheusrule.yaml
new file mode 100644
index 00000000..54a840f5
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/prometheusrule.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "goldpinger.fullname" . }}
+ {{- if .Values.prometheusRule.namespace }}
+ namespace: {{ .Values.prometheusRule.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.prometheusRule.rules }}
+ groups:
+ - name: {{ template "goldpinger.name" $ }}
+ rules: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/role.yaml b/packages/system/goldpinger/charts/goldpinger/templates/role.yaml
new file mode 100644
index 00000000..0b85f3f1
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/role.yaml
@@ -0,0 +1,20 @@
+{{- if or .Values.podSecurityPolicy.enabled (not .Values.rbac.clusterscoped) }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "goldpinger.fullname" . }}-pod-security-policy
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+rules:
+{{- if not .Values.rbac.clusterscoped }}
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list"]
+{{- end }}
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: [{{ .Values.podSecurityPolicy.policyName | quote }}]
+ verbs: ["use"]
+{{- end }}
+{{- end }}
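Review bot: the outer condition `or .Values.podSecurityPolicy.enabled (not .Values.rbac.clusterscoped)` never consults `.Values.rbac.create`, unlike clusterrole.yaml, which gates on `and .Values.rbac.create .Values.rbac.clusterscoped`. With `rbac.create: false` and `rbac.clusterscoped: false` this Role, and the RoleBinding that uses the same condition, is still created. The object is also always named `-pod-security-policy`, even when its only rule is `list` on pods, which makes RBAC audits harder to read. The PSP rule targets apiGroup `extensions`; PodSecurityPolicy was removed in Kubernetes 1.25, so that branch is dead on current clusters.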
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/rolebinding.yaml b/packages/system/goldpinger/charts/goldpinger/templates/rolebinding.yaml
new file mode 100644
index 00000000..34c0bc44
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.podSecurityPolicy.enabled (not .Values.rbac.clusterscoped) }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "goldpinger.fullname" . }}-pod-security-policy
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+roleRef:
+ kind: Role
+ name: {{ include "goldpinger.fullname" . }}-pod-security-policy
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "goldpinger.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/service.yaml b/packages/system/goldpinger/charts/goldpinger/templates/service.yaml
new file mode 100644
index 00000000..43a3e85d
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "goldpinger.fullname" . }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+{{- with .Values.service.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.goldpinger.port }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "goldpinger.selectorLabels" . | nindent 4 }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/serviceaccount.yaml b/packages/system/goldpinger/charts/goldpinger/templates/serviceaccount.yaml
new file mode 100644
index 00000000..55564331
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "goldpinger.serviceAccountName" . }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+{{- end }}
diff --git a/packages/system/goldpinger/charts/goldpinger/templates/servicemonitor.yaml b/packages/system/goldpinger/charts/goldpinger/templates/servicemonitor.yaml
new file mode 100644
index 00000000..6e2463ec
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/templates/servicemonitor.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "goldpinger.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ {{- include "goldpinger.labels" . | nindent 4 }}
+ {{- range $key, $value := .Values.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: http
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- if .Values.serviceMonitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- with .Values.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ jobLabel: name
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "goldpinger.selectorLabels" . | nindent 6 }}
+{{- end -}}
diff --git a/packages/system/goldpinger/charts/goldpinger/values.yaml b/packages/system/goldpinger/charts/goldpinger/values.yaml
new file mode 100644
index 00000000..1c80a1b1
--- /dev/null
+++ b/packages/system/goldpinger/charts/goldpinger/values.yaml
@@ -0,0 +1,166 @@
+# Default values for goldpinger.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ repository: bloomberg/goldpinger
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+rbac:
+ create: true
+ clusterscoped: true
+
+serviceAccount:
+ create: true
+ name:
+
+goldpinger:
+ port: 8080
+ zapConfig: |
+ {
+ "level": "info",
+ "encoding": "json",
+ "outputPaths": [
+ "stdout"
+ ],
+ "errorOutputPaths": [
+ "stderr"
+ ],
+ "initialFields": {
+ },
+ "encoderConfig": {
+ "messageKey": "message",
+ "levelKey": "level",
+ "levelEncoder": "lowercase",
+ "timeKey": "ts",
+ "timeEncoder": "ISO8601",
+ "callerKey": "caller",
+ "callerEncoder": "Short"
+ }
+ }
+
+extraEnv: []
+
+service:
+ type: ClusterIP
+ port: 8081
+ annotations: {}
+ labels: {}
+ loadBalancerSourceRanges: {}
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+## Set a priorityClassName for the pod. If left blank a default priority will be set.
+priorityClassName:
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+podAnnotations: {}
+
+podLabels: {}
+
+updateStrategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxUnavailable: 1
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Enable this if pod security policy enabled in your cluster
+## It will bind ServiceAccount with unrestricted podSecurityPolicy
+## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+podSecurityPolicy:
+ enabled: false
+ policyName: unrestricted-psp
+
+## Set security context of the goldpinger container
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+containerSecurityContext:
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+## Set security context of the pod
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 2000
+ seccompProfile:
+ type: RuntimeDefault
+
+serviceMonitor:
+ enabled: false
+ selector:
+ prometheus: "kube-prometheus"
+ # namespace: monitoring
+ interval: 30s
+ # honorLabels: true
+ metricRelabelings: []
+ # - action: drop
+ # source_labels: [__name__]
+ # regex: goldpinger_peers_response_time_s_bucket
+
+## Custom PrometheusRule to be defined
+## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+prometheusRule:
+ enabled: false
+ rules:
+ - alert: goldpinger_nodes_unhealthy
+ expr: |
+ sum(goldpinger_nodes_health_total{job="{{ template "goldpinger.fullname" . }}", status="unhealthy"})
+ BY (instance, goldpinger_instance) > 0
+ for: 5m
+ annotations:
+ description: |
+ Goldpinger instance {{ "{{ $labels.goldpinger_instance }}" }} has been reporting unhealthy nodes for at least 5 minutes.
+ summary: Instance {{ "{{ $labels.instance }}" }} down
+ labels:
+ severity: warning
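Review bot: `image.repository: bloomberg/goldpinger` with an empty `tag` resolves to a mutable tag (`3.10.2`, from the chart's appVersion) on an unqualified registry, and the wrapper values.yaml added in this patch does not pin it. Because the DaemonSet runs on every node, pin the image by digest in packages/system/goldpinger/values.yaml rather than in this vendored file; the template concatenates `repository:tag`, so a `tag` of the form `3.10.2@sha256:<digest>` works.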
diff --git a/packages/system/goldpinger/values.yaml b/packages/system/goldpinger/values.yaml
new file mode 100644
index 00000000..fb535206
--- /dev/null
+++ b/packages/system/goldpinger/values.yaml
@@ -0,0 +1,5 @@
+goldpinger:
+ serviceMonitor:
+ enabled: true
+ prometheusRule:
+ enabled: true
diff --git a/packages/system/kafka-operator/templates/prometheus-rules.yaml b/packages/system/kafka-operator/alerts/prometheus-rules.yaml
similarity index 100%
rename from packages/system/kafka-operator/templates/prometheus-rules.yaml
rename to packages/system/kafka-operator/alerts/prometheus-rules.yaml
diff --git a/packages/system/kafka-operator/templates/alerts.yaml b/packages/system/kafka-operator/templates/alerts.yaml
new file mode 100644
index 00000000..70d47014
--- /dev/null
+++ b/packages/system/kafka-operator/templates/alerts.yaml
@@ -0,0 +1,7 @@
+{{- $files := .Files.Glob "alerts/*.yaml" -}}
+{{- range $path, $file := $files }}
+---
+# from: {{ $path }}
+{{ toString $file }}
+
+{{- end -}}
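Review bot: `{{ toString $file }}` emits each file under `alerts/` verbatim, so prometheus-rules.yaml, which Helm rendered as a template while it lived in `templates/`, is no longer passed through the template engine (the rename is 100% similar). If the file contains any Helm expressions they will now reach the cluster as literal text. Please confirm it has none, or pass the content through `tpl` where rendering is still wanted.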
diff --git a/packages/system/kamaji/Makefile b/packages/system/kamaji/Makefile
index b7fcac5c..0956527d 100644
--- a/packages/system/kamaji/Makefile
+++ b/packages/system/kamaji/Makefile
@@ -19,7 +19,7 @@ image:
--cache-to type=inline \
--metadata-file images/kamaji.json \
--push=$(PUSH) \
- --label "org.opencontainers.image.source=https://github.com/aenix-io/cozystack"
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"
--load=$(LOAD)
REPOSITORY="$(REGISTRY)/kamaji" \
yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml
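Review bot: the changed `--label "org.opencontainers.image.source=..."` line still has no trailing backslash, so as shown the `--load=$(LOAD)` line after it is not part of the build command. Make runs it as a separate recipe line and treats leading `-` characters as the ignore-errors prefix, so nothing reports the problem. Add ` \` after the label while this line is being touched.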
diff --git a/packages/system/kamaji/charts/kamaji/Chart.lock b/packages/system/kamaji/charts/kamaji/Chart.lock
index de604948..98e5e647 100644
--- a/packages/system/kamaji/charts/kamaji/Chart.lock
+++ b/packages/system/kamaji/charts/kamaji/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: kamaji-etcd
repository: https://clastix.github.io/charts
- version: 0.8.0
-digest: sha256:525b0eb2b5bae709d62de9328312d42c54b5219c6df67061de0da79eeca04fb3
-generated: "2024-08-25T08:44:24.92211307+02:00"
+ version: 0.8.1
+digest: sha256:381d8ef9619c2daeea37e40c6a9772ae3e5cee80887148879db04e887d5364ad
+generated: "2024-10-25T19:28:40.880766186+02:00"
diff --git a/packages/system/kamaji/charts/kamaji/Chart.yaml b/packages/system/kamaji/charts/kamaji/Chart.yaml
index 5519b8f6..1a84e3db 100644
--- a/packages/system/kamaji/charts/kamaji/Chart.yaml
+++ b/packages/system/kamaji/charts/kamaji/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: v1.0.0
+appVersion: v0.0.0
description: Kamaji is the Hosted Control Plane Manager for Kubernetes.
home: https://github.com/clastix/kamaji
icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
@@ -17,11 +17,11 @@ name: kamaji
sources:
- https://github.com/clastix/kamaji
type: application
-version: 2.0.0
+version: 0.0.0
dependencies:
- name: kamaji-etcd
repository: https://clastix.github.io/charts
- version: ">=0.7.0"
+ version: ">=0.8.1"
condition: kamaji-etcd.deploy
annotations:
catalog.cattle.io/certified: partner
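Review bot: the dependency constraint `version: ">=0.8.1"` is open-ended, so the only thing holding kamaji-etcd at 0.8.1 is the entry in Chart.lock; any `helm dependency update` can move it to an arbitrary later release. Prefer an upper-bounded range. Also, `version: 0.0.0` here and `appVersion: v0.0.0` above replace the upstream versions with no comment, whereas the goldpinger wrapper Chart.yaml in this patch marks its `0.0.0` as a placeholder set during the build; the same comment here would help anyone tracing which Kamaji release is vendored.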
diff --git a/packages/system/kamaji/charts/kamaji/README.md b/packages/system/kamaji/charts/kamaji/README.md
index a98bb0e3..76221358 100644
--- a/packages/system/kamaji/charts/kamaji/README.md
+++ b/packages/system/kamaji/charts/kamaji/README.md
@@ -1,6 +1,6 @@
# kamaji
-  
+  
Kamaji is the Hosted Control Plane Manager for Kubernetes.
@@ -22,7 +22,7 @@ Kubernetes: `>=1.21.0-0`
| Repository | Name | Version |
|------------|------|---------|
-| https://clastix.github.io/charts | kamaji-etcd | >=0.7.0 |
+| https://clastix.github.io/charts | kamaji-etcd | >=0.8.1 |
[Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster.
This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`.
@@ -70,7 +70,7 @@ Here the values you can override:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods |
-| defaultDatastoreName | string | `"default"` | Specify the default DataStore name for the Kamaji instance. |
+| defaultDatastoreName | string | `"default"` | If specified, all the Kamaji instances with an unassigned DataStore will inherit this default value. |
| extraArgs | list | `[]` | A list of extra arguments to add to the kamaji controller default ones |
| fullnameOverride | string | `""` | |
| healthProbeBindAddress | string | `":8081"` | The address the probe endpoint binds to. (default ":8081") |
diff --git a/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml b/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
index cc2c141f..c1d38be7 100644
--- a/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
+++ b/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
@@ -66,7 +66,6 @@ spec:
metadata:
type: object
spec:
- description: TenantControlPlaneSpec defines the desired state of TenantControlPlane.
properties:
addons:
description: Addons contain which addons are enabled
@@ -6413,10 +6412,23 @@ spec:
type: object
dataStore:
description: |-
- DataStore allows to specify a DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane.
- This parameter is optional and acts as an override over the default one which is used by the Kamaji Operator.
- Migration from a different DataStore to another one is not yet supported and the reconciliation will be blocked.
+ DataStore specifies the DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane.
+ When Kamaji runs with the default DataStore flag, all empty values will inherit the default value.
+ By leaving it empty and running Kamaji with no default DataStore flag, it is possible to achieve automatic assignment to a specific DataStore object.
+
+ Migration from one DataStore to another backed by the same Driver is possible. See: https://kamaji.clastix.io/guides/datastore-migration/
+ Migration from one DataStore to another backed by a different Driver is not supported.
type: string
+ dataStoreSchema:
+ description: |-
+ DataStoreSchema allows to specify the name of the database (for relational DataStores) or the key prefix (for etcd). This
+ value is optional and immutable. Note that Kamaji currently doesn't ensure that DataStoreSchema values are unique. It's up
+ to the user to avoid clashes between different TenantControlPlanes. If not set upon creation, Kamaji will default the
+ DataStoreSchema by concatenating the namespace and name of the TenantControlPlane.
+ type: string
+ x-kubernetes-validations:
+ - message: changing the dataStoreSchema is not supported
+ rule: self == oldSelf
kubernetes:
description: Kubernetes specification for tenant control plane
properties:
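Review bot: the new `dataStoreSchema` description states that Kamaji does not ensure the values are unique and leaves it to the user to avoid clashes between TenantControlPlanes. The only validation added is immutability (`self == oldSelf`), so two tenant control planes can be created pointing at the same database name or etcd key prefix. On a multi-tenant platform this field should either not be settable by tenants or be constrained by an admission policy, leaving the namespace-and-name default as the normal path.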
@@ -6539,15 +6551,47 @@ spec:
items:
type: string
type: array
+ clusterDomain:
+ default: cluster.local
+ description: The default domain name used for DNS resolution within the cluster.
+ pattern: .*\..*
+ type: string
+ x-kubernetes-validations:
+ - message: changing the cluster domain is not supported
+ rule: self == oldSelf
dnsServiceIPs:
- default:
- - 10.96.0.10
+ description: |-
+ The DNS Service for internal resolution, it must match the Service CIDR.
+ In case of an empty value, it is automatically computed according to the Service CIDR, e.g.:
+ Service CIDR 10.96.0.0/16, the resulting DNS Service IP will be 10.96.0.10 for IPv4,
+ for IPv6 from the CIDR 2001:db8:abcd::/64 the resulting DNS Service IP will be 2001:db8:abcd::10.
+ items:
+ type: string
+ type: array
+ loadBalancerClass:
+ description: |-
+ Specify the LoadBalancer class in case of multiple load balancer implementations.
+ Field supported only for Tenant Control Plane instances exposed using a LoadBalancer Service.
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: LoadBalancerClass is immutable
+ rule: self == oldSelf
+ loadBalancerSourceRanges:
+ description: |-
+ LoadBalancerSourceRanges restricts the IP ranges that can access
+ the LoadBalancer type Service. This field defines a list of IP
+ address ranges (in CIDR format) that are allowed to access the service.
+ If left empty, the service will allow traffic from all IP ranges (0.0.0.0/0).
+ This feature is useful for restricting access to API servers or services
+ to specific networks for security purposes.
+ Example: {"192.168.1.0/24", "10.0.0.0/8"}
items:
type: string
type: array
podCidr:
default: 10.244.0.0/16
- description: CIDR for Kubernetes Pods
+ description: 'CIDR for Kubernetes Pods: if empty, defaulted to 10.244.0.0/16.'
type: string
port:
default: 6443
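Review bot: loadBalancerSourceRanges is declared as a plain list of `type: string` with no pattern or CEL check that each item is a CIDR, and the description says an empty list allows traffic from all IP ranges (0.0.0.0/0), so the tenant API server is open by default and a typo in a range is only caught later by whatever reconciles the Service. Consider validating the items at admission and documenting a recommended default for Cozystack installs. The same applies on a smaller scale to clusterDomain: the pattern `.*\..*` is unanchored and accepts any string containing a dot, including a lone ".". Also note that the static `10.96.0.10` default for dnsServiceIPs is removed in favour of computing it from the Service CIDR, so existing objects that relied on the default should be checked after the upgrade.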
@@ -6556,13 +6600,24 @@ spec:
type: integer
serviceCidr:
default: 10.96.0.0/16
- description: Kubernetes Service
+ description: 'CIDR for Kubernetes Services: if empty, defaulted to 10.96.0.0/16.'
type: string
type: object
required:
- controlPlane
- kubernetes
type: object
+ x-kubernetes-validations:
+ - message: unsetting the dataStore is not supported
+ rule: '!has(oldSelf.dataStore) || has(self.dataStore)'
+ - message: unsetting the dataStoreSchema is not supported
+ rule: '!has(oldSelf.dataStoreSchema) || has(self.dataStoreSchema)'
+ - message: LoadBalancer source ranges are supported only with LoadBalancer service type
+ rule: '!has(self.networkProfile.loadBalancerSourceRanges) || (size(self.networkProfile.loadBalancerSourceRanges) == 0 || self.controlPlane.service.serviceType == ''LoadBalancer'')'
+ - message: LoadBalancerClass is supported only with LoadBalancer service type
+ rule: '!has(self.networkProfile.loadBalancerClass) || self.controlPlane.service.serviceType == ''LoadBalancer'''
+ - message: LoadBalancerClass cannot be set or unset at runtime
+ rule: self.controlPlane.service.serviceType != 'LoadBalancer' || (oldSelf.controlPlane.service.serviceType != 'LoadBalancer' && self.controlPlane.service.serviceType == 'LoadBalancer') || has(self.networkProfile.loadBalancerClass) == has(oldSelf.networkProfile.loadBalancerClass)
status:
description: TenantControlPlaneStatus defines the observed state of TenantControlPlane.
properties:
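Review bot: the three LoadBalancer rules call `has(self.networkProfile.loadBalancerSourceRanges)` and `has(self.networkProfile.loadBalancerClass)` without first checking `has(self.networkProfile)`, while the `required` list above names only controlPlane and kubernetes. It is worth confirming that networkProfile is always present (for example through defaulting) on the objects Cozystack creates, otherwise guard the rules with `!has(self.networkProfile) || ...` so evaluation cannot fail on an omitted block. The last rule is also hard to reason about as a single expression; a short comment on the intended transitions (class may be chosen only when the service type first becomes LoadBalancer) would make future edits safer. The rules that reference oldSelf run on update only, so they give no protection at creation time.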
diff --git a/packages/system/kamaji/charts/kamaji/templates/controller.yaml b/packages/system/kamaji/charts/kamaji/templates/controller.yaml
index d4ca6dc5..38d635dd 100644
--- a/packages/system/kamaji/charts/kamaji/templates/controller.yaml
+++ b/packages/system/kamaji/charts/kamaji/templates/controller.yaml
@@ -33,8 +33,9 @@ spec:
- --leader-elect
- --metrics-bind-address={{ .Values.metricsBindAddress }}
- --tmp-directory={{ .Values.temporaryDirectoryPath }}
- {{- $datastoreName := .Values.defaultDatastoreName | required ".Values.defaultDatastoreName is required!" }}
- - --datastore={{ $datastoreName }}
+ {{- if not (eq .Values.defaultDatastoreName "") }}
+ - --datastore={{ .Values.defaultDatastoreName }}
+ {{- end }}
{{- if .Values.telemetry.disabled }}
- --disable-telemetry
{{- end }}
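Review bot: the new guard `{{- if not (eq .Values.defaultDatastoreName "") }}` only handles the empty string; a value set to null or a key removed from values.yaml is not covered by this comparison, and the `required` check that used to catch that case is gone. Using `{{- with .Values.defaultDatastoreName }}` and `--datastore={{ . }}` inside it treats empty, null and missing the same way. Since omitting the flag changes how TenantControlPlanes without a dataStore are assigned, the behaviour when the flag is absent should be mentioned in the chart README next to this value.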
diff --git a/packages/system/kamaji/charts/kamaji/values.yaml b/packages/system/kamaji/charts/kamaji/values.yaml
index 21b529e0..79dd254a 100644
--- a/packages/system/kamaji/charts/kamaji/values.yaml
+++ b/packages/system/kamaji/charts/kamaji/values.yaml
@@ -95,7 +95,7 @@ loggingDevel:
# -- Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default false)
enable: false
-# -- Specify the default DataStore name for the Kamaji instance.
+# -- If specified, all the Kamaji instances with an unassigned DataStore will inherit this default value.
defaultDatastoreName: default
kamaji-etcd:
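Review bot: the new comment on defaultDatastoreName says "all the Kamaji instances with an unassigned DataStore", but the CRD text in this same change talks about Tenant Control Planes with an empty dataStore inheriting the default. Please word the comment in those terms and add that setting the value to an empty string drops the `--datastore` flag from the controller arguments, because that is the only way a reader of values.yaml learns the flag is now optional.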
diff --git a/packages/system/kamaji/images/kamaji/Dockerfile b/packages/system/kamaji/images/kamaji/Dockerfile
index a5f2d2f5..00d9b7a8 100644
--- a/packages/system/kamaji/images/kamaji/Dockerfile
+++ b/packages/system/kamaji/images/kamaji/Dockerfile
@@ -1,7 +1,7 @@
# Build the manager binary
FROM golang:1.23 as builder
-ARG VERSION=edge-24.9.2
+ARG VERSION=edge-24.12.1
ARG TARGETOS TARGETARCH
WORKDIR /workspace
@@ -9,7 +9,7 @@ WORKDIR /workspace
RUN curl -sSL https://github.com/clastix/kamaji/archive/refs/tags/${VERSION}.tar.gz | tar -xzvf- --strip=1
COPY patches /patches
-RUN git apply /patches/disable-datastore-check.diff
+RUN git apply /patches/*.diff
RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \
-ldflags "-X github.com/clastix/kamaji/internal.GitRepo=$GIT_REPO -X github.com/clastix/kamaji/internal.GitTag=$GIT_LAST_TAG -X github.com/clastix/kamaji/internal.GitCommit=$GIT_HEAD_COMMIT -X github.com/clastix/kamaji/internal.GitDirty=$GIT_MODIFIED -X github.com/clastix/kamaji/internal.BuildTime=$BUILD_DATE" \
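Review bot: `RUN git apply /patches/*.diff` applies whatever files are present in the patches directory, in shell glob order, so adding or renaming a patch silently changes what goes into the binary, and two patches touching the same file depend on alphabetical naming. Listing the patches explicitly, or giving them numeric prefixes, keeps the applied set reviewable. In the same hunk the source archive is fetched with `curl -sSL ... | tar -xzvf-` by tag name with no checksum, so the build trusts whatever the tag currently points at; pinning a sha256 of the tarball alongside the `VERSION` bump would close that gap.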
diff --git a/packages/system/kamaji/images/kamaji/patches/hardcode-port.diff b/packages/system/kamaji/images/kamaji/patches/hardcode-port.diff
new file mode 100644
index 00000000..5e80d417
--- /dev/null
+++ b/packages/system/kamaji/images/kamaji/patches/hardcode-port.diff
@@ -0,0 +1,13 @@
+diff --git a/internal/resources/kubeadm_config.go b/internal/resources/kubeadm_config.go
+index ae4cfc0..ec7a7da 100644
+--- a/internal/resources/kubeadm_config.go
++++ b/internal/resources/kubeadm_config.go
+@@ -96,7 +96,7 @@ func (r *KubeadmConfigResource) mutate(ctx context.Context, tenantControlPlane *
+ TenantControlPlanePort: port,
+ TenantControlPlaneName: tenantControlPlane.GetName(),
+ TenantControlPlaneNamespace: tenantControlPlane.GetNamespace(),
+- TenantControlPlaneEndpoint: r.getControlPlaneEndpoint(tenantControlPlane.Spec.ControlPlane.Ingress, address, port),
++ TenantControlPlaneEndpoint: r.getControlPlaneEndpoint(tenantControlPlane.Spec.ControlPlane.Ingress, address, 443),
+ TenantControlPlaneCertSANs: tenantControlPlane.Spec.NetworkProfile.CertSANs,
+ TenantControlPlaneClusterDomain: tenantControlPlane.Spec.NetworkProfile.ClusterDomain,
+ TenantControlPlanePodCIDR: tenantControlPlane.Spec.NetworkProfile.PodCIDR,
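Review bot: the patch replaces the `port` argument of `getControlPlaneEndpoint` with the literal `443` while `TenantControlPlanePort: port` two lines above keeps the value from the spec, so the advertised endpoint and the configured port can now disagree for any TenantControlPlane that is not fronted on 443. Nothing in the patch file explains why this is safe. Please add a comment or header to hardcode-port.diff describing the assumption (for example that all tenant API servers are exposed through an ingress on 443), and consider making the override conditional on the ingress being set rather than unconditional.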
diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml
index 4e4abb60..afe040cd 100644
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,8 +3,8 @@ kamaji:
deploy: false
image:
pullPolicy: IfNotPresent
- tag: v0.25.2@sha256:229646a728b58dd0c55dae7abd721ab23e3feecd61f55fa3ad24bb3a614d558f
- repository: ghcr.io/aenix-io/cozystack/kamaji
+ tag: v0.28.0@sha256:a08dfd9be67e0dc089be14a9d29cdd65e6301b3a43d1fa01ff479d43d384c2a7
+ repository: ghcr.io/cozystack/cozystack/kamaji
resources:
limits:
cpu: 200m
diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml
index c3738261..3e32178d 100644
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -7,6 +7,7 @@
{{- $existingK8sSecret := lookup "v1" "Secret" .Release.Namespace "k8s-client" }}
{{- $existingKubeappsSecret := lookup "v1" "Secret" .Release.Namespace "kubeapps-client" }}
{{- $existingAuthConfig := lookup "v1" "Secret" "cozy-dashboard" "kubeapps-auth-config" }}
+{{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
{{ $k8sClient := "" }}
{{- if $existingK8sSecret }}
@@ -29,8 +30,10 @@
{{- $cookieSecret = randAlphaNum 16 }}
{{- end }}
-{{- $wlConfigmap := lookup "v1" "ConfigMap" "cozy-dashboard" "white-label" }}
-{{- $locale := index $wlConfigmap.data "locale" }}
+{{ $branding := "" }}
+{{- if $cozystackBranding }}
+ {{- $branding = index $cozystackBranding.data "branding" }}
+{{- end }}
---
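Review bot: `index $cozystackBranding.data "branding"` will fail template rendering if the cozystack-branding ConfigMap exists but has no data section, because `index` cannot be applied to a nil value. The `if $cozystackBranding` guard only covers the ConfigMap being absent. `dig "data" "branding" "" $cozystackBranding` handles both cases in one expression and removes the need for the separate `$branding := ""` initialisation.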
@@ -86,8 +89,9 @@ metadata:
spec:
realmName: cozy
clusterKeycloakRef: keycloak-cozy
- {{- if $locale }}
- displayNameHtml: {{ $locale }}
+ {{- if $branding }}
+ displayHtmlName: {{ $branding }}
+ displayName: {{ $branding }}
{{- end }}
---
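Review bot: `displayHtmlName: {{ $branding }}` and `displayName: {{ $branding }}` interpolate a ConfigMap value into the manifest unquoted, so a branding string containing a colon, a leading brace or angle bracket, a `#`, or a newline will either break the YAML or inject extra keys into the realm spec. Please render both with `{{ $branding | quote }}`. The same string is also used for the plain displayName; if the branding value is HTML markup, the plain-text field should get a text-only value instead. The key also changes from `displayNameHtml` to `displayHtmlName`; please confirm against the KeycloakRealm CRD which spelling is accepted, since an unknown field may be dropped without error.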
diff --git a/packages/system/keycloak/templates/db.yaml b/packages/system/keycloak/templates/db.yaml
index ad374bda..8fda228a 100644
--- a/packages/system/keycloak/templates/db.yaml
+++ b/packages/system/keycloak/templates/db.yaml
@@ -6,7 +6,13 @@ spec:
instances: 2
storage:
size: 20Gi
-
+ {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+ {{- if $configMap }}
+ {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+ {{- if $rawConstraints }}
+ {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
monitoring:
enablePodMonitor: true
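Review bot: `{{- $rawConstraints | fromYaml | toYaml | nindent 2 }}` merges every top-level key found in the `globalAppTopologySpreadConstraints` ConfigMap value into the database spec, not only topology spread constraints, so that ConfigMap can override or duplicate sibling keys such as `instances` or `storage`. Helm's `fromYaml` also reports a parse failure by returning a map with an `Error` key, which would then be rendered into the spec instead of stopping the install. Extract only the expected key from the parsed map and `fail` when parsing returns an error.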
diff --git a/packages/system/kubeovn-webhook/Chart.yaml b/packages/system/kubeovn-webhook/Chart.yaml
new file mode 100644
index 00000000..f2c1e1b0
--- /dev/null
+++ b/packages/system/kubeovn-webhook/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cozy-kubeovn-webhook
+description: Helm chart for a mutating admission webhook that copies Namespace annotations into Pods
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
diff --git a/packages/system/kubeovn-webhook/Makefile b/packages/system/kubeovn-webhook/Makefile
new file mode 100644
index 00000000..2605ca5e
--- /dev/null
+++ b/packages/system/kubeovn-webhook/Makefile
@@ -0,0 +1,19 @@
+export NAME=kubeovn-webhook
+export NAMESPACE=cozy-kubeovn
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
+
+image:
+ docker buildx build images/kubeovn-webhook \
+ --provenance false \
+ --tag $(REGISTRY)/kubeovn-webhook:$(call settag,$(TAG)) \
+ --cache-from type=registry,ref=$(REGISTRY)/kubeovn-webhook:latest \
+ --cache-to type=inline \
+ --metadata-file images/kubeovn-webhook.json \
+ --push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"
+ --load=$(LOAD)
+ IMAGE="$(REGISTRY)/kubeovn-webhook:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/kubeovn-webhook.json -o json -r)" \
+ yq -i '.image = strenv(IMAGE)' values.yaml
+ rm -f images/kubeovn-webhook.json
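Review bot: the `--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"` line has no trailing backslash, so the `docker buildx build` command ends there and `--load=$(LOAD)` is run by make as a separate command, which fails the `image` target after the build. Add the continuation backslash after the label. Separately, `--provenance false` turns off build attestations for an image that is deployed as an admission webhook; if that is needed for registry compatibility, a comment saying so would help.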
diff --git a/packages/system/kubeovn-webhook/images/kubeovn-webhook/Dockerfile b/packages/system/kubeovn-webhook/images/kubeovn-webhook/Dockerfile
new file mode 100644
index 00000000..337e72e4
--- /dev/null
+++ b/packages/system/kubeovn-webhook/images/kubeovn-webhook/Dockerfile
@@ -0,0 +1,17 @@
+FROM golang:1.23 as builder
+
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -o webhook .
+
+FROM alpine:3.21.3
+WORKDIR /app
+
+COPY --from=builder /app/webhook /app/webhook
+
+EXPOSE 8443
+USER 65534
+ENTRYPOINT ["/app/webhook", "--tls-cert-file=/etc/webhook/certs/tls.crt", "--tls-key-file=/etc/webhook/certs/tls.key"]
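Review bot: both stages reference their base image by mutable tag (`FROM golang:1.23 as builder`, `FROM alpine:3.21.3`), so a rebuild can pick up different content while values.yaml elsewhere in this repository pins images by digest. Pinning these by digest keeps the webhook image reproducible. Since the binary is built with `CGO_ENABLED=0`, the runtime stage could also be a scratch or distroless base, which removes the shell and package manager from a component that sits in the Pod admission path. Running as `USER 65534` is good to see.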
diff --git a/packages/system/kubeovn-webhook/images/kubeovn-webhook/admission.go b/packages/system/kubeovn-webhook/images/kubeovn-webhook/admission.go
new file mode 100644
index 00000000..6f037b06
--- /dev/null
+++ b/packages/system/kubeovn-webhook/images/kubeovn-webhook/admission.go
@@ -0,0 +1,161 @@
+package main
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "log"
+ "net/http"
+
+ admissionv1 "k8s.io/api/admission/v1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/mattbaird/jsonpatch"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
+)
+
+const (
+ AnnotationRoutes = "ovn.kubernetes.io/routes"
+ AnnotationPortSecurity = "ovn.kubernetes.io/port_security"
+)
+
+func HandleMutatePods(w http.ResponseWriter, r *http.Request) {
+ body, err := io.ReadAll(r.Body)
+ if err != nil {
+ http.Error(w, "could not read request body", http.StatusBadRequest)
+ return
+ }
+ defer r.Body.Close()
+
+ var admissionReviewReq admissionv1.AdmissionReview
+ if err := json.Unmarshal(body, &admissionReviewReq); err != nil {
+ http.Error(w, "could not unmarshal request", http.StatusBadRequest)
+ return
+ }
+
+ admissionReviewResp := admissionv1.AdmissionReview{
+ TypeMeta: admissionReviewReq.TypeMeta,
+ }
+ admissionResponse := &admissionv1.AdmissionResponse{
+ UID: admissionReviewReq.Request.UID,
+ }
+ admissionReviewResp.Response = admissionResponse
+
+ if admissionReviewReq.Request.Operation != admissionv1.Create ||
+ admissionReviewReq.Request.Kind.Kind != "Pod" {
+ admissionResponse.Allowed = true
+ writeResponse(w, admissionReviewResp)
+ return
+ }
+
+ raw := admissionReviewReq.Request.Object.Raw
+ var pod corev1.Pod
+ if err := json.Unmarshal(raw, &pod); err != nil {
+ admissionResponse.Allowed = true
+ writeResponse(w, admissionReviewResp)
+ return
+ }
+
+ ns := admissionReviewReq.Request.Namespace
+ nsAnnotations, err := getNamespaceAnnotations(ns)
+ if err != nil {
+ log.Printf("Failed to get namespace %q: %v", ns, err)
+ admissionResponse.Allowed = true
+ writeResponse(w, admissionReviewResp)
+ return
+ }
+
+ mergedAnnotations := map[string]string{}
+ if pod.Annotations != nil {
+ for k, v := range pod.Annotations {
+ mergedAnnotations[k] = v
+ }
+ }
+
+ nsRoutes, nsHasRoutes := nsAnnotations[AnnotationRoutes]
+ if nsHasRoutes {
+ if _, alreadySet := mergedAnnotations[AnnotationRoutes]; !alreadySet {
+ mergedAnnotations[AnnotationRoutes] = nsRoutes
+ }
+ } else if RoutesGlobal != "" {
+ if _, alreadySet := mergedAnnotations[AnnotationRoutes]; !alreadySet {
+ mergedAnnotations[AnnotationRoutes] = RoutesGlobal
+ }
+ }
+
+ nsPortSec, nsHasPortSec := nsAnnotations[AnnotationPortSecurity]
+ finalPortSec := ""
+ if nsHasPortSec {
+ finalPortSec = nsPortSec
+ } else if PortSecurityGlobal {
+ finalPortSec = "true"
+ }
+
+ if finalPortSec != "" {
+ if _, alreadySet := mergedAnnotations[AnnotationPortSecurity]; !alreadySet {
+ mergedAnnotations[AnnotationPortSecurity] = finalPortSec
+ }
+ }
+
+ if len(mergedAnnotations) == len(pod.Annotations) {
+ admissionResponse.Allowed = true
+ writeResponse(w, admissionReviewResp)
+ return
+ }
+
+ op := "replace"
+ if pod.Annotations == nil {
+ op = "add"
+ }
+
+ patches := []jsonpatch.JsonPatchOperation{{
+ Operation: op,
+ Path: "/metadata/annotations",
+ Value: mergedAnnotations,
+ }}
+
+ patchBytes, err := json.Marshal(patches)
+ if err != nil {
+ log.Printf("Failed to marshal patch: %v", err)
+ admissionResponse.Allowed = true
+ writeResponse(w, admissionReviewResp)
+ return
+ }
+
+ admissionResponse.Allowed = true
+ admissionResponse.Patch = patchBytes
+ pt := admissionv1.PatchTypeJSONPatch
+ admissionResponse.PatchType = &pt
+
+ writeResponse(w, admissionReviewResp)
+}
+
+func getNamespaceAnnotations(namespace string) (map[string]string, error) {
+ config, err := rest.InClusterConfig()
+ if err != nil {
+ return nil, err
+ }
+ clientset, err := kubernetes.NewForConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ ns, err := clientset.CoreV1().Namespaces().Get(context.Background(), namespace, metav1.GetOptions{})
+ if err != nil {
+ return nil, err
+ }
+ return ns.Annotations, nil
+}
+
+func writeResponse(w http.ResponseWriter, review admissionv1.AdmissionReview) {
+ resp, err := json.Marshal(review)
+ if err != nil {
+ http.Error(w, fmt.Sprintf("could not marshal response: %v", err), http.StatusInternalServerError)
+ return
+ }
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write(resp)
+}
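Review bot: in the port security block, `if _, alreadySet := mergedAnnotations[AnnotationPortSecurity]; !alreadySet {` lets a value already present on the Pod win over both the namespace annotation and PortSecurityGlobal, so whoever writes the Pod spec can supply their own `ovn.kubernetes.io/port_security` (or `ovn.kubernetes.io/routes`) and the webhook will keep it. If these annotations are meant to be operator-controlled, the namespace or global value should overwrite the Pod value, at least for port_security. Further points in the same handler: `admissionReviewReq.Request.UID` is read without checking that Request is non-nil, so a body without a `request` object panics the handler; every error path (Pod decode, namespace lookup, patch marshal) answers `Allowed = true` with no patch, which means a failed namespace lookup admits Pods without the intended annotations and only a log line records it; and getNamespaceAnnotations builds a new in-cluster config and clientset on every request with `context.Background()`, so a shared client created at startup and a context with a timeout derived from the request would be both cheaper and bounded. The request body is also read with `io.ReadAll` without a size limit; wrapping it in `http.MaxBytesReader` is a small change.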
diff --git a/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.mod b/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.mod
new file mode 100644
index 00000000..9befcd00
--- /dev/null
+++ b/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.mod
@@ -0,0 +1,47 @@
+module kube-ovn-webhook
+
+go 1.23
+
+require (
+ github.com/mattbaird/jsonpatch v0.0.0-20240118010651-0ba75a80ca38
+ k8s.io/api v0.26.0
+ k8s.io/apimachinery v0.26.0
+ k8s.io/client-go v0.26.0
+)
+
+require (
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+ github.com/go-logr/logr v1.2.3 // indirect
+ github.com/go-openapi/jsonpointer v0.19.5 // indirect
+ github.com/go-openapi/jsonreference v0.20.0 // indirect
+ github.com/go-openapi/swag v0.19.14 // indirect
+ github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang/protobuf v1.5.2 // indirect
+ github.com/google/gnostic v0.5.7-v3refs // indirect
+ github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/gofuzz v1.1.0 // indirect
+ github.com/josharian/intern v1.0.0 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/mailru/easyjson v0.7.6 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 // indirect
+ golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
+ golang.org/x/sys v0.3.0 // indirect
+ golang.org/x/term v0.3.0 // indirect
+ golang.org/x/text v0.5.0 // indirect
+ golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
+ google.golang.org/protobuf v1.28.1 // indirect
+ gopkg.in/inf.v0 v0.9.1 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+ k8s.io/klog/v2 v2.80.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
+ sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+ sigs.k8s.io/yaml v1.3.0 // indirect
+)
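Review bot: the direct requirements pin `k8s.io/api`, `k8s.io/apimachinery` and `k8s.io/client-go` at v0.26.0, and the indirect set includes `golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10` and `golang.org/x/text v0.5.0`, all from late 2022, while the module declares `go 1.23`. For a new component that terminates TLS and talks to the API server, please start from current releases of these modules and run a vulnerability scan such as govulncheck over the module in CI. The module path `kube-ovn-webhook` also differs from the directory and image name `kubeovn-webhook`; aligning them avoids confusion later.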
diff --git a/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.sum b/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.sum
new file mode 100644
index 00000000..a2a4e312
--- /dev/null
+++ b/packages/system/kubeovn-webhook/images/kubeovn-webhook/go.sum
@@ -0,0 +1,478 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
+github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
+github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
+github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mattbaird/jsonpatch v0.0.0-20240118010651-0ba75a80ca38 h1:hQWBtNqRYrI7CWIaUSXXtNKR90KzcUA5uiuxFVWw7sU=
+github.com/mattbaird/jsonpatch v0.0.0-20240118010651-0ba75a80ca38/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc=
+golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I=
+k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg=
+k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg=
+k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
+k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8=
+k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg=
+k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
+k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/packages/system/kubeovn-webhook/images/kubeovn-webhook/main.go b/packages/system/kubeovn-webhook/images/kubeovn-webhook/main.go
new file mode 100644
index 00000000..70185961
--- /dev/null
+++ b/packages/system/kubeovn-webhook/images/kubeovn-webhook/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+ "crypto/tls"
+ "flag"
+ "log"
+ "net/http"
+)
+
+var (
+ PortSecurityGlobal bool
+ RoutesGlobal string
+)
+
+func main() {
+ var (
+ tlsCertFile string
+ tlsKeyFile string
+ )
+
+ flag.StringVar(&tlsCertFile, "tls-cert-file", "/etc/webhook/certs/tls.crt", "TLS certificate file.")
+ flag.StringVar(&tlsKeyFile, "tls-key-file", "/etc/webhook/certs/tls.key", "TLS key file.")
+ flag.BoolVar(&PortSecurityGlobal, "port-security", true, "If false, skip adding port_security unless specified by the Namespace.")
+ flag.StringVar(&RoutesGlobal, "routes", "", "Default ovn.kubernetes.io/routes if not in Namespace.")
+
+ flag.Parse()
+
+ mux := http.NewServeMux()
+ mux.HandleFunc("/mutate-pods", HandleMutatePods)
+
+ tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load key pair: %v", err)
+ }
+
+ server := &http.Server{
+ Addr: ":8443",
+ TLSConfig: &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ },
+ Handler: mux,
+ }
+
+ log.Printf("Starting webhook server on %s", server.Addr)
+ if err := server.ListenAndServeTLS("", ""); err != nil {
+ log.Fatalf("Failed to start server: %v", err)
+ }
+}
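Review bot: The key pair is loaded once with tls.LoadX509KeyPair before the server starts, so a certificate that cert-manager renews in the mounted secret is never picked up by a running process. Because the webhook is registered with failurePolicy: Fail, an expired in-memory certificate blocks pod creation in every namespace the selector matches until the pods are restarted. Consider serving through a GetCertificate callback on tls.Config that reloads the files when they change. The http.Server also sets no ReadHeaderTimeout, ReadTimeout or IdleTimeout, and the tls.Config sets no MinVersion; setting them explicitly (for example MinVersion: tls.VersionTLS12) removes the dependence on toolchain defaults.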
diff --git a/packages/system/kubeovn-webhook/templates/_helpers.tpl b/packages/system/kubeovn-webhook/templates/_helpers.tpl
new file mode 100644
index 00000000..e0a407ae
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "namespace-annotation-webhook.name" -}}
+kube-ovn-webhook
+{{- end }}
+
+{{- define "namespace-annotation-webhook.fullname" -}}
+kube-ovn-webhook
+{{- end }}
diff --git a/packages/system/kubeovn-webhook/templates/certmanager.yaml b/packages/system/kubeovn-webhook/templates/certmanager.yaml
new file mode 100644
index 00000000..be0f5af1
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/certmanager.yaml
@@ -0,0 +1,45 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-selfsigned-issuer
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-root-ca
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: {{ include "namespace-annotation-webhook.fullname" . }}-root-ca
+ duration: 43800h # 5 years
+ commonName: {{ include "namespace-annotation-webhook.fullname" . }}-root-ca
+ issuerRef:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-selfsigned-issuer
+ isCA: true
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-ca-issuer
+ namespace: {{ .Release.Namespace }}
+spec:
+ ca:
+ secretName: {{ include "namespace-annotation-webhook.fullname" . }}-root-ca
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-cert
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: {{ include "namespace-annotation-webhook.fullname" . }}-tls
+ duration: 8760h
+ renewBefore: 24h
+ issuerRef:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}-ca-issuer
+ commonName: {{ include "namespace-annotation-webhook.fullname" . }}-tls
+ dnsNames:
+ - {{ include "namespace-annotation-webhook.fullname" . }}
+ - {{ include "namespace-annotation-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
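Review bot: renewBefore: 24h on the leaf Certificate leaves a one-day window to renew a certificate whose duration is 8760h, so a cert-manager outage longer than a day lets the serving certificate expire. A wider margin such as renewBefore: 720h costs nothing. The root CA Certificate sets duration: 43800h with no renewBefore, and neither Certificate specifies privateKey or usages, so key algorithm, key size and key usages fall to cert-manager defaults; stating them (for the leaf, usages: server auth) documents the intent.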
diff --git a/packages/system/kubeovn-webhook/templates/clusterrole.yaml b/packages/system/kubeovn-webhook/templates/clusterrole.yaml
new file mode 100644
index 00000000..37973f3c
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/clusterrole.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get"]
diff --git a/packages/system/kubeovn-webhook/templates/crb.yaml b/packages/system/kubeovn-webhook/templates/crb.yaml
new file mode 100644
index 00000000..6e9dbe00
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/crb.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/packages/system/kubeovn-webhook/templates/deployment.yaml b/packages/system/kubeovn-webhook/templates/deployment.yaml
new file mode 100644
index 00000000..19467341
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ include "namespace-annotation-webhook.fullname" . }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ fsGroup: 65534
+ containers:
+ - name: {{ include "namespace-annotation-webhook.name" . }}
+ image: "{{ .Values.image }}"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ ports:
+ - containerPort: 8443
+ name: https
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+ args:
+ - "--tls-cert-file=/etc/webhook/certs/tls.crt"
+ - "--tls-key-file=/etc/webhook/certs/tls.key"
+ - "--port-security={{ .Values.portSecurity }}"
+ - "--routes={{ .Values.routes }}"
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: {{ include "namespace-annotation-webhook.fullname" . }}-tls
+ defaultMode: 0400
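Review bot: The container spec defines no readinessProbe or livenessProbe, so the Service can route admission requests to a pod that is not yet listening on 8443; with failurePolicy: Fail in the webhook registration those requests reject pod creation. Add a probe on the https port (a tcpSocket probe is enough if the handler exposes no health path). With replicas: 2 and no podAntiAffinity or topologySpreadConstraints, both replicas can also be scheduled on the same node. For hardening, the container securityContext could add readOnlyRootFilesystem: true and seccompProfile type RuntimeDefault, since nothing in main.go writes to the filesystem.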
diff --git a/packages/system/kubeovn-webhook/templates/mutatingwebhookconfiguration.yaml b/packages/system/kubeovn-webhook/templates/mutatingwebhookconfiguration.yaml
new file mode 100644
index 00000000..fb9e8ca5
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/mutatingwebhookconfiguration.yaml
@@ -0,0 +1,33 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "namespace-annotation-webhook.fullname" . }}-cert
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.fullname" . }}
+webhooks:
+ - name: kube-ovn-webhook.cozystack.io
+ admissionReviewVersions: ["v1"]
+ sideEffects: None
+ clientConfig:
+ service:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /mutate-pods
+ rules:
+ - operations: ["CREATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+ failurePolicy: Fail
+ namespaceSelector:
+ matchExpressions:
+ - key: cozystack.io/system
+ operator: NotIn
+ values:
+ - "true"
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
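Review bot: failurePolicy: Fail with this namespaceSelector makes every pod CREATE outside kube-system and namespaces labelled cozystack.io/system: "true" depend on the webhook being reachable, and nothing here guarantees that {{ .Release.Namespace }} itself carries that label. If it does not, the webhook's own pods (and cert-manager's, if its namespace is unlabelled) cannot be recreated while the webhook is down. Exclude the release namespace explicitly, for example with an extra value in the kubernetes.io/metadata.name NotIn expression, or add an objectSelector that skips the webhook's pods. timeoutSeconds is also unset, so each admission call can wait for the 10-second default; a lower explicit value bounds the latency added to pod creation.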
diff --git a/packages/system/kubeovn-webhook/templates/service.yaml b/packages/system/kubeovn-webhook/templates/service.yaml
new file mode 100644
index 00000000..e3375e44
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 443
+ targetPort: 8443
+ protocol: TCP
+ name: https
+ selector:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/packages/system/kubeovn-webhook/templates/serviceaccount.yaml b/packages/system/kubeovn-webhook/templates/serviceaccount.yaml
new file mode 100644
index 00000000..dbd8f66f
--- /dev/null
+++ b/packages/system/kubeovn-webhook/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "namespace-annotation-webhook.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "namespace-annotation-webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml
new file mode 100644
index 00000000..d6b566f4
--- /dev/null
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -0,0 +1,3 @@
+portSecurity: true
+routes: ""
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.28.0@sha256:7412c1e3f5a1f0bc27b1d4a91c4715a88017fcbf758f838b51ea2005ec3cf7b2
diff --git a/packages/system/kubeovn/Makefile b/packages/system/kubeovn/Makefile
index c484dd1a..2e0c1a21 100644
--- a/packages/system/kubeovn/Makefile
+++ b/packages/system/kubeovn/Makefile
@@ -1,4 +1,4 @@
-KUBEOVN_TAG = v1.13.2
+KUBEOVN_TAG = v1.13.3
export NAME=kubeovn
export NAMESPACE=cozy-$(NAME)
@@ -23,6 +23,7 @@ image:
--cache-to type=inline \
--metadata-file images/kubeovn.json \
--push=$(PUSH) \
+ --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
--load=$(LOAD)
REGISTRY="$(REGISTRY)" \
yq -i '.global.registry.address = strenv(REGISTRY)' values.yaml
diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml
index f18d25c4..03a69991 100644
--- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml
@@ -15,12 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.13.2
+version: v1.13.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "1.13.2"
+appVersion: "1.13.3"
kubeVersion: ">= 1.23.0-0"
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
index e5217c6a..5c6afffa 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
@@ -118,6 +118,7 @@ spec:
capabilities:
add:
- NET_BIND_SERVICE
+ - NET_RAW
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
@@ -161,19 +162,17 @@ spec:
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10660
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10660
+ path: /readyz
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
periodSeconds: 3
timeoutSeconds: 5
livenessProbe:
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10660
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10660
+ path: /livez
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
initialDelaySeconds: 300
periodSeconds: 7
failureThreshold: 5
@@ -201,4 +200,3 @@ spec:
secret:
optional: true
secretName: kube-ovn-tls
-
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml
index 0bb2f4d4..e4c3322c 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml
@@ -67,6 +67,7 @@ spec:
- --logtostderr=false
- --alsologtostderr=true
- --log_file_max_size=200
+ - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
securityContext:
runAsUser: {{ include "kubeovn.runAsUser" . }}
privileged: false
@@ -125,22 +126,20 @@ spec:
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10661
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10661
+ path: /livez
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10661
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10661
+ path: /readyz
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
timeoutSeconds: 5
nodeSelector:
kubernetes.io/os: "linux"
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml
index 856c9cd5..a0f7a26a 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml
@@ -107,6 +107,7 @@ rules:
- get
- list
- update
+ - patch
- create
- delete
- watch
@@ -206,6 +207,20 @@ rules:
verbs:
- approve
- sign
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancemigrations
+ verbs:
+ - "list"
+ - "watch"
+ - "get"
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
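Review bot: The new apiextensions.k8s.io rule grants get on every CustomResourceDefinition in the cluster. If the controller only needs to detect whether particular CRDs are installed, restrict the rule with resourceNames listing them. Style: the verbs in the kubevirt.io rule are quoted ("list", "watch", "get") while the surrounding rules use bare words; use one form.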
@@ -261,6 +276,7 @@ rules:
- ovn-eips
- ovn-eips/status
- nodes
+ - nodes/status
- pods
verbs:
- get
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
index dafe1fd9..3d9a7e88 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
@@ -198,22 +198,20 @@ spec:
failureThreshold: 3
periodSeconds: 7
successThreshold: 1
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10665
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10665
+ path: /readyz
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
timeoutSeconds: 5
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
- exec:
- command:
- - /kube-ovn/kube-ovn-healthcheck
- - --port=10665
- - --tls={{- .Values.func.SECURE_SERVING }}
+ httpGet:
+ port: 10665
+ path: /livez
+ scheme: '{{ ternary "HTTPS" "HTTP" .Values.func.SECURE_SERVING }}'
timeoutSeconds: 5
resources:
requests:
diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml
index 1fb290e9..2934a320 100644
--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml
@@ -10,7 +10,7 @@ global:
repository: kube-ovn
dpdkRepository: kube-ovn-dpdk
vpcRepository: vpc-nat-gateway
- tag: v1.13.2
+ tag: v1.13.3
support_arm: true
thirdparty: true
@@ -77,6 +77,7 @@ func:
SET_VXLAN_TX_OFF: false
OVSDB_CON_TIMEOUT: 3
OVSDB_INACTIVITY_TIMEOUT: 10
+ ENABLE_LIVE_MIGRATION_OPTIMIZE: true
ipv4:
PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile
index 5f399575..543fa3c2 100644
--- a/packages/system/kubeovn/images/kubeovn/Dockerfile
+++ b/packages/system/kubeovn/images/kubeovn/Dockerfile
@@ -1,10 +1,10 @@
# syntax = docker/dockerfile:experimental
-ARG VERSION=v1.13.2
+ARG VERSION=v1.13.3
ARG BASE_TAG=$VERSION
FROM golang:1.23-bookworm as builder
-ARG TAG=v1.13.2
+ARG TAG=v1.13.3
RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source
WORKDIR /source
@@ -25,16 +25,15 @@ COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-o
COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn
COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd
COPY --from=builder /source/dist/images/kube-ovn-daemon /kube-ovn/kube-ovn-daemon
-COPY --from=builder /source/dist/images/kube-ovn-pinger /kube-ovn/kube-ovn-pinger
-RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \
- ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
+COPY --from=builder /source/dist/images/kube-ovn-controller /kube-ovn/kube-ovn-controller
+RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-webhook && \
- ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-healthcheck && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller && \
+ ln -s /kube-ovn/kube-ovn-controller /kube-ovn/kube-ovn-pinger && \
setcap CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-cmd && \
- setcap CAP_NET_RAW,CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-pinger && \
+ setcap CAP_NET_RAW,CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-controller && \
setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /kube-ovn/kube-ovn-daemon
FROM kubeovn/kube-ovn-base:$BASE_TAG
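Review bot: CAP_NET_RAW moves from the dedicated kube-ovn-pinger binary to kube-ovn-controller, and kube-ovn-pinger becomes a symlink to it, so the controller process now carries raw-socket capability as well (the chart adds NET_RAW to the controller container to match). Please state in the commit message whether this layout comes from upstream v1.13.3 and why the controller needs NET_RAW, so a later reader can tell the privilege increase is intentional.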
@@ -51,4 +50,5 @@ WORKDIR /kube-ovn
RUN setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/lib/openvswitch-switch/ovs-vswitchd \
&& setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-legacy-multi \
&& setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-nft-multi \
- && setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/ipset
+ && setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/ipset \
+ && setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN+eip /usr/bin/ip
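Review bot: The added setcap on /usr/bin/ip gives CAP_NET_ADMIN, CAP_NET_RAW and CAP_SYS_ADMIN to a general-purpose tool, so any non-root process in a container whose bounding set includes those capabilities gains them by executing ip. Add a comment stating which component runs ip as a non-root user and which subcommand needs CAP_SYS_ADMIN, and drop any capability that is not required.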
diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml
index b8c3402c..68112e79 100644
--- a/packages/system/kubeovn/values.yaml
+++ b/packages/system/kubeovn/values.yaml
@@ -18,8 +18,8 @@ kube-ovn:
DISABLE_MODULES_MANAGEMENT: true
global:
registry:
- address: ghcr.io/aenix-io/cozystack
+ address: ghcr.io/cozystack/cozystack
images:
kubeovn:
repository: kubeovn
- tag: v1.13.2@sha256:6c55f8cdd696ca6799f373fc6824f2faa11f7a3185a9f29d7bbd08ff09b6b3e3
+ tag: v1.13.3@sha256:1ce5fb7d596d2a6a52982e3d7541d56d75e14e8b0a1331c262bcbb9793a317af
diff --git a/packages/system/kubevirt-instancetypes/Makefile b/packages/system/kubevirt-instancetypes/Makefile
index adc17909..d0498f10 100644
--- a/packages/system/kubevirt-instancetypes/Makefile
+++ b/packages/system/kubevirt-instancetypes/Makefile
@@ -1,4 +1,4 @@
-export NAME=kubevirt-common-instancetypes
+export NAME=kubevirt-instancetypes
export NAMESPACE=cozy-kubevirt
include ../../../scripts/package.mk
diff --git a/packages/system/kubevirt/templates/kubevirt-cr.yaml b/packages/system/kubevirt/templates/kubevirt-cr.yaml
index 6df93aba..5b0b3a0b 100644
--- a/packages/system/kubevirt/templates/kubevirt-cr.yaml
+++ b/packages/system/kubevirt/templates/kubevirt-cr.yaml
@@ -7,10 +7,14 @@ metadata:
spec:
certificateRotateStrategy: {}
configuration:
+ commonInstancetypesDeployment:
+ enabled: false
developerConfiguration:
featureGates:
- HotplugVolumes
- ExpandDisks
+ - LiveMigration
+ evictionStrategy: LiveMigrate
customizeComponents: {}
imagePullPolicy: IfNotPresent
monitorNamespace: tenant-root
diff --git a/packages/system/linstor/hack/plunger/plunger-controller.sh b/packages/system/linstor/hack/plunger/plunger-controller.sh
new file mode 100755
index 00000000..128c6317
--- /dev/null
+++ b/packages/system/linstor/hack/plunger/plunger-controller.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+
+terminate() {
+ echo "Caught signal, terminating"
+ exit 0
+}
+
+trap terminate SIGINT SIGQUIT SIGTERM
+
+echo "Running Linstor controller plunger:"
+cat "${0}"
+
+while true; do
+ # timeout at the start of the loop to give some time for the linstor-controller to start
+ sleep 30 &
+ pid=$!
+ wait $pid
+
+ # workaround for https://github.com/LINBIT/linstor-server/issues/437
+ # try to delete snapshots that are stuck in the DELETE state
+ linstor -m s l \
+ | jq -r '.[][] | select(.flags | contains(["DELETE"])) | "linstor snapshot delete \(.resource_name) \(.name)"' \
+ | sh -x
+done
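Review bot: The last pipeline builds shell command lines from .resource_name and .name by string interpolation and feeds them to sh -x, so a name containing whitespace or shell metacharacters is interpreted by the shell. Quote the fields with jq's @sh filter, or emit the two fields and pass them as arguments to linstor snapshot delete from a while read loop. With set -e and no set -o pipefail, a failure of linstor or jq goes unnoticed, while a non-zero exit from the final sh ends the script and restarts the container; decide which of those is intended and make it explicit.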
diff --git a/packages/system/linstor/hack/plunger/plunger-satellite.sh b/packages/system/linstor/hack/plunger/plunger-satellite.sh
new file mode 100755
index 00000000..5ecc184d
--- /dev/null
+++ b/packages/system/linstor/hack/plunger/plunger-satellite.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+terminate() {
+ echo "Caught signal, terminating"
+ exit 0
+}
+
+trap terminate SIGINT SIGQUIT SIGTERM
+
+echo "Running Linstor per-satellite plunger:"
+cat "${0}"
+
+while true; do
+
+ # timeout at the start of the loop to give a chance for the fresh linstor-satellite instance to cleanup itself
+ sleep 30 &
+ pid=$!
+ wait $pid
+
+ # Detect orphaned loop devices and detach them
+ # the `/` path could not be a backing file for a loop device, so it's a good indicator of a stuck loop device
+ # TODO describe the issue in more detail
+ # Using the direct /usr/sbin/losetup as the linstor-satellite image has own wrapper in /usr/local
+ stale_loopbacks=$(/usr/sbin/losetup --json | jq -r '.[][] | select(."back-file" == "/ (deleted)").name')
+ for stale_device in $stale_loopbacks; do (
+ echo "Detaching stuck loop device ${stale_device}"
+ set -x
+ /usr/sbin/losetup --detach "${stale_device}"
+ ); done
+
+ # Detect secondary volumes that lost connection and can be simply reconnected
+ disconnected_secondaries=$(drbdadm status 2>/dev/null | awk '/pvc-.*role:Secondary.*force-io-failures:yes/ {print $1}')
+ for secondary in $disconnected_secondaries; do (
+ echo "Trying to reconnect secondary volume ${secondary}"
+ set -x
+ drbdadm down "${secondary}"
+ drbdadm up "${secondary}"
+ ); done
+
+done
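Review bot: Under set -e, a failing /usr/sbin/losetup --detach, drbdadm down or drbdadm up makes its subshell exit non-zero, which terminates the whole script, so one stuck device stops the remaining cleanups and restarts the container. If the loop is meant to keep going, handle the failure per device, for example by logging it after the subshell with an || branch. The losetup and drbdadm pipelines also run without pipefail, so an error in either command yields an empty list silently. The TODO above the loop-device check should be resolved before merge: the "/ (deleted)" back-file match is the only criterion for detaching a device and its rationale is not documented.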
diff --git a/packages/system/linstor/templates/_helpers.tpl b/packages/system/linstor/templates/_helpers.tpl
new file mode 100644
index 00000000..20d43863
--- /dev/null
+++ b/packages/system/linstor/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{- define "cozy.linstor.version" -}}
+{{- $piraeusConfigMap := lookup "v1" "ConfigMap" "cozy-linstor" "piraeus-operator-image-config"}}
+{{- if not $piraeusConfigMap }}
+ {{- fail "Piraeus controller is not yet installed, ConfigMap cozy-linstor/piraeus-operator-image-config is missing" }}
+{{- end }}
+{{- $piraeusImagesConfig := $piraeusConfigMap | dig "data" "0_piraeus_datastore_images.yaml" nil | required "No image config" | fromYaml }}
+base: {{ $piraeusImagesConfig.base | required "No image base in piraeus config" }}
+controller:
+ image: {{ $piraeusImagesConfig | dig "components" "linstor-controller" "image" nil | required "No controller image" }}
+ tag: {{ $piraeusImagesConfig | dig "components" "linstor-controller" "tag" nil | required "No controller tag" }}
+satellite:
+ image: {{ $piraeusImagesConfig | dig "components" "linstor-satellite" "image" nil | required "No satellite image" }}
+ tag: {{ $piraeusImagesConfig | dig "components" "linstor-satellite" "tag" nil | required "No satellite tag" }}
+{{- end -}}
+
+{{- define "cozy.linstor.version.controller" -}}
+{{- $version := (include "cozy.linstor.version" .) | fromYaml }}
+{{- printf "%s/%s:%s" $version.base $version.controller.image $version.controller.tag }}
+{{- end -}}
+
+{{- define "cozy.linstor.version.satellite" -}}
+{{- $version := (include "cozy.linstor.version" .) | fromYaml }}
+{{- printf "%s/%s:%s" $version.base $version.satellite.image $version.satellite.tag }}
+{{- end -}}
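Review bot: cozy.linstor.version depends on lookup, which returns an empty result under helm template and client-side dry runs, so the fail branch fires and the chart cannot be rendered or linted without a live cluster that already has the Piraeus ConfigMap. Consider a values-based fallback for the image references. The namespace cozy-linstor is hard-coded in the lookup instead of using .Release.Namespace, and the plunger image reference is assembled as base/image:tag from whatever the ConfigMap contains at render time, without a digest.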
diff --git a/packages/system/linstor/templates/cluster.yaml b/packages/system/linstor/templates/cluster.yaml
index 553d2716..fffb170d 100644
--- a/packages/system/linstor/templates/cluster.yaml
+++ b/packages/system/linstor/templates/cluster.yaml
@@ -13,3 +13,33 @@ spec:
certManager:
name: linstor-api-ca
kind: Issuer
+ controller:
+ enabled: true
+ podTemplate:
+ spec:
+ containers:
+ - name: plunger
+ image: {{ include "cozy.linstor.version.controller" . }}
+ command:
+ - "/scripts/plunger-controller.sh"
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # make some room for live debugging
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - mountPath: /etc/linstor/client
+ name: client-tls
+ readOnly: true
+ - mountPath: /etc/linstor
+ name: etc-linstor
+ readOnly: true
+ - mountPath: /scripts
+ name: script-volume
+ readOnly: true
+ volumes:
+ - name: script-volume
+ configMap:
+ name: linstor-plunger
+ defaultMode: 0755
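Review bot: The plunger sidecar drops all capabilities but sets readOnlyRootFilesystem: false "for live debugging" and omits allowPrivilegeEscalation: false and resource requests and limits. The container mounts the client-tls volume and runs linstor snapshot delete, so it can act on the LINSTOR API; keep the root filesystem read-only in the shipped template and use an ephemeral debug container when debugging is needed.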
diff --git a/packages/system/linstor/templates/plunger/configmap-scripts.yaml b/packages/system/linstor/templates/plunger/configmap-scripts.yaml
new file mode 100644
index 00000000..9b5754ba
--- /dev/null
+++ b/packages/system/linstor/templates/plunger/configmap-scripts.yaml
@@ -0,0 +1,13 @@
+{{- $files := .Files.Glob "hack/plunger/*.sh" -}}
+{{/* TODO Add checksum of scripts to the pod selectors */}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: linstor-plunger
+ namespace: cozy-linstor
+data:
+{{- range $path, $file := $files }}
+ {{ $path | base }}: |
+ {{- $file | toString | nindent 4 }}
+{{- end -}}
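Review bot: The TODO on the second line is a functional gap: the scripts are mounted from this ConfigMap and each one runs as a long-lived loop, so a chart upgrade that changes a script does not restart the plunger containers and the old code keeps running. Add a checksum of the rendered scripts as a pod template annotation in the controller and satellite pod templates.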
diff --git a/packages/system/linstor/templates/podscrape.yaml b/packages/system/linstor/templates/podscrape.yaml
new file mode 100644
index 00000000..91b2de49
--- /dev/null
+++ b/packages/system/linstor/templates/podscrape.yaml
@@ -0,0 +1,44 @@
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+ name: linstor-satellite
+ namespace: cozy-linstor
+spec:
+ podMetricsEndpoints:
+ - port: prometheus
+ scheme: http
+ relabelConfigs:
+ - action: labeldrop
+ regex: (endpoint|namespace|pod|container)
+ - replacement: linstor-controller
+ targetLabel: job
+ - sourceLabels: [__meta_kubernetes_pod_node_name]
+ targetLabel: node
+ - targetLabel: tier
+ replacement: cluster
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: linstor-satellite
+---
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+ name: linstor-controller
+ namespace: cozy-linstor
+spec:
+ podMetricsEndpoints:
+ - path: /metrics
+ port: api
+ scheme: http
+ relabelConfigs:
+ - action: labeldrop
+ regex: (endpoint|namespace|pod|container)
+ - replacement: linstor-satellite
+ targetLabel: job
+ - sourceLabels: [__meta_kubernetes_pod_node_name]
+ targetLabel: node
+ - targetLabel: tier
+ replacement: cluster
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: linstor-controller
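Review bot: The job labels are swapped. The linstor-satellite VMPodScrape relabels job to linstor-controller, and the linstor-controller VMPodScrape relabels job to linstor-satellite, so every series is attributed to the wrong component and alerts or dashboards keyed on job will mislead. Swap the two replacement values. Both endpoints are also scraped with scheme: http; if that is deliberate, a short comment would help, given that the rest of the chart configures TLS for LINSTOR traffic.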
diff --git a/packages/system/linstor/templates/satellites-cozy.yaml b/packages/system/linstor/templates/satellites-cozy.yaml
new file mode 100644
index 00000000..a4c1baa7
--- /dev/null
+++ b/packages/system/linstor/templates/satellites-cozy.yaml
@@ -0,0 +1,18 @@
+apiVersion: piraeus.io/v1
+kind: LinstorSatelliteConfiguration
+metadata:
+ name: cozystack
+spec:
+ internalTLS:
+ certManager:
+ name: linstor-internal-ca
+ kind: Issuer
+ podTemplate:
+ spec:
+ # host-network is recommended by Piraeus while it is not default in the upstream
+ hostNetwork: true
+ containers:
+ - name: linstor-satellite
+ securityContext:
+ # real-world installations need some debugging from time to time
+ readOnlyRootFilesystem: false
diff --git a/packages/system/linstor/templates/satellites-plunger.yaml b/packages/system/linstor/templates/satellites-plunger.yaml
new file mode 100644
index 00000000..d70191e0
--- /dev/null
+++ b/packages/system/linstor/templates/satellites-plunger.yaml
@@ -0,0 +1,56 @@
+apiVersion: piraeus.io/v1
+kind: LinstorSatelliteConfiguration
+metadata:
+ name: cozystack-plunger
+spec:
+ internalTLS:
+ certManager:
+ name: linstor-internal-ca
+ kind: Issuer
+ podTemplate:
+ spec:
+ containers:
+ - name: plunger
+ image: {{ include "cozy.linstor.version.satellite" . }}
+ command:
+ - "/scripts/plunger-satellite.sh"
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ drop:
+ - ALL
+ privileged: true
+ # make some room for live debugging
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - mountPath: /run
+ name: host-run
+ - mountPath: /dev
+ name: dev
+ - mountPath: /var/lib/drbd
+ name: var-lib-drbd
+ - mountPath: /var/lib/linstor.d
+ name: var-lib-linstor-d
+ - mountPath: /etc/lvm
+ name: container-etc-lvm
+ - mountPath: /etc/lvm/archive
+ name: etc-lvm-archive
+ - mountPath: /etc/lvm/backup
+ name: etc-lvm-backup
+ - mountPath: /run/lock/lvm
+ name: run-lock-lvm
+ - mountPath: /run/lvm
+ name: run-lvm
+ - mountPath: /run/udev
+ name: run-udev
+ readOnly: true
+ - mountPath: /scripts
+ name: script-volume
+ readOnly: true
+ volumes:
+ - name: script-volume
+ configMap:
+ name: linstor-plunger
+ defaultMode: 0755
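Review bot: privileged: true overrides the capabilities block above it: a privileged container runs with all capabilities, so adding NET_ADMIN and SYS_ADMIN and dropping ALL has no effect and suggests a restriction that is not there. Choose one: remove privileged: true and keep the explicit capability list if losetup and drbdadm work with it, or keep privileged and delete the capabilities block. This configuration also repeats the internalTLS stanza already set in the cozystack LinstorSatelliteConfiguration; keeping it in one place avoids the two drifting apart.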
diff --git a/packages/system/linstor/templates/satellites.yaml b/packages/system/linstor/templates/satellites-talos.yaml
similarity index 59%
rename from packages/system/linstor/templates/satellites.yaml
rename to packages/system/linstor/templates/satellites-talos.yaml
index c5f3bdd2..6c65cc95 100644
--- a/packages/system/linstor/templates/satellites.yaml
+++ b/packages/system/linstor/templates/satellites-talos.yaml
@@ -1,40 +1,33 @@
apiVersion: piraeus.io/v1
kind: LinstorSatelliteConfiguration
metadata:
- name: linstor-satellites
+ name: cozystack-talos
spec:
- internalTLS:
- certManager:
- name: linstor-internal-ca
- kind: Issuer
- #storagePools:
- #- name: "data"
- # lvmPool:
- # volumeGroup: "data"
patches:
- - target:
- kind: Pod
- name: satellite
- patch: |
- apiVersion: v1
- kind: Pod
- metadata:
- name: satellite
- spec:
- hostNetwork: true
- initContainers:
+ - target:
+ group: apps
+ version: v1
+ kind: DaemonSet
+ name: linstor-satellite
+ patch: |
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: linstor-satellite
+ spec:
+ template:
+ spec:
+ initContainers:
- name: drbd-shutdown-guard
$patch: delete
- name: drbd-module-loader
$patch: delete
- containers:
- - name: linstor-satellite
- volumeMounts:
- - mountPath: /run
- name: host-run
- securityContext:
- readOnlyRootFilesystem: false
- volumes:
+ containers:
+ - name: linstor-satellite
+ volumeMounts:
+ - mountPath: /run
+ name: host-run
+ volumes:
- name: run-systemd-system
$patch: delete
- name: run-drbd-shutdown-guard
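Review bot: this rename removes the internalTLS block (certManager issuer linstor-internal-ca) from the Talos configuration, and in this diff it reappears only in the new cozystack-plunger LinstorSatelliteConfiguration. That ties satellite TLS to a resource whose purpose is the plunger container; if that template is ever disabled or removed, internal TLS goes with it. A small dedicated configuration for internalTLS would make the dependency explicit. The old Pod patch also set hostNetwork: true and the new DaemonSet patch does not; please confirm that is intentional and mention it in the commit message.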
diff --git a/packages/system/linstor/templates/volumesnapshotclass.yaml b/packages/system/linstor/templates/volumesnapshotclass.yaml
new file mode 100644
index 00000000..4e950f3f
--- /dev/null
+++ b/packages/system/linstor/templates/volumesnapshotclass.yaml
@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
+ name: linstor-snapshots
+driver: linstor.csi.linbit.com
+deletionPolicy: Delete
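Review bot: marking linstor-snapshots as the default class with deletionPolicy: Delete means every VolumeSnapshot that omits a class has its underlying snapshot removed as soon as the VolumeSnapshot object is deleted. If snapshots are used for backup, a note in the docs or a values switch for Retain would help operators who expect snapshot data to outlive the API object.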
diff --git a/packages/system/monitoring-agents/alerts/kubernetes-system-apiserver.yaml b/packages/system/monitoring-agents/alerts/kubernetes-system-apiserver.yaml
index 3acc123f..f20c373e 100644
--- a/packages/system/monitoring-agents/alerts/kubernetes-system-apiserver.yaml
+++ b/packages/system/monitoring-agents/alerts/kubernetes-system-apiserver.yaml
@@ -19,7 +19,7 @@ spec:
< 604800
for: 5m
labels:
- severity: warning
+ severity: informational
exported_instance: '{{ $labels.namespace }}/{{ $labels.pod }}'
service: kubernetes-system-apiserver
- alert: KubeClientCertificateExpiration
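Review bot: the rule whose expression ends in < 604800 (seven days in seconds) drops from warning to informational with no comment explaining why. If alert routing only notifies on warning and above, this condition will no longer reach anyone; please add a comment above the label stating the reason so the downgrade is not mistaken for an accident.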
@@ -34,7 +34,7 @@ spec:
< 86400
for: 5m
labels:
- severity: critical
+ severity: informational
exported_instance: '{{ $labels.namespace }}/{{ $labels.pod }}'
service: kubernetes-system-apiserver
- alert: KubeAggregatedAPIErrors
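Review bot: the < 86400 rule goes from critical straight to informational, the same level the < 604800 rule above now has, so the two thresholds no longer express any escalation. Either keep a higher severity on the one-day threshold or remove one of the two rules; if the intent is to silence both because expiry is handled elsewhere, state that in a comment next to the label.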
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/Chart.yaml b/packages/system/monitoring-agents/charts/fluent-bit/Chart.yaml
index 09c4cb50..d09f1e47 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/Chart.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/Chart.yaml
@@ -1,9 +1,9 @@
annotations:
artifacthub.io/changes: |
- kind: changed
- description: "Updated Fluent Bit OCI image to v3.1.9"
+ description: "Updated Fluent Bit OCI image to v3.2.8."
apiVersion: v1
-appVersion: 3.1.9
+appVersion: 3.2.8
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
family operating systems.
home: https://fluentbit.io/
@@ -24,4 +24,4 @@ maintainers:
name: fluent-bit
sources:
- https://github.com/fluent/fluent-bit/
-version: 0.47.10
+version: 0.48.9
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/README.md b/packages/system/monitoring-agents/charts/fluent-bit/README.md
index 6920d3d7..2a4224c6 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/README.md
+++ b/packages/system/monitoring-agents/charts/fluent-bit/README.md
@@ -27,7 +27,7 @@ Fluent Bit allows us to build filter to modify the incoming records using custom
### How to use Lua scripts with this Chart
-First, you should add your Lua scripts to `luaScripts` in values.yaml, for example:
+First, you should add your Lua scripts to `luaScripts` in values.yaml, templating is supported.
```yaml
luaScripts:
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/ci/ci-values.yaml b/packages/system/monitoring-agents/charts/fluent-bit/ci/ci-values.yaml
index bafd568a..1c48569f 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/ci/ci-values.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/ci/ci-values.yaml
@@ -3,6 +3,41 @@ testFramework:
logLevel: debug
+extraVolumeMounts:
+ - name: extra-volume
+ mountPath: /extra-volume-path
+ - name: another-extra-volume
+ mountPath: /another-extra-volume-path
+
+extraVolumes:
+ - name: extra-volume
+ emptyDir: {}
+ - name: another-extra-volume
+ emptyDir: {}
+
dashboards:
enabled: true
deterministicUid: true
+
+luaScripts:
+ filter_example.lua: |
+ function filter_name(tag, timestamp, record)
+ -- put your lua code here.
+ end
+ filter_with_templating_example.lua: |
+ local log_level = {{ .Values.logLevel | quote }}
+ function filter_with_templating_name(tag, timestamp, record)
+ -- put your lua code here.
+ end
+
+config:
+ outputs: |
+ [OUTPUT]
+ name stdout
+ match *
+
+hotReload:
+ enabled: true
+ extraWatchVolumes:
+ - extra-volume
+ - another-extra-volume
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/NOTES.txt b/packages/system/monitoring-agents/charts/fluent-bit/templates/NOTES.txt
index e7284204..7e09ee62 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/NOTES.txt
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/NOTES.txt
@@ -2,4 +2,5 @@ Get Fluent Bit build information by running these commands:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fluent-bit.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 2020:2020
-curl http://127.0.0.1:2020
+curl http://127.0.0.1:2020
+
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/_pod.tpl b/packages/system/monitoring-agents/charts/fluent-bit/templates/_pod.tpl
index 18258a75..8e0eb0c3 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/_pod.tpl
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/_pod.tpl
@@ -108,11 +108,18 @@ containers:
- {{ printf "-webhook-url=http://localhost:%s/api/v2/reload" (toString .Values.metricsPort) }}
- -volume-dir=/watch/config
- -volume-dir=/watch/scripts
+ {{- range $idx, $val := .Values.hotReload.extraWatchVolumes }}
+ - {{ printf "-volume-dir=/watch/extra-%d" (int $idx) }}
+ {{- end }}
volumeMounts:
- name: config
mountPath: /watch/config
- name: luascripts
mountPath: /watch/scripts
+ {{- range $idx, $val := .Values.hotReload.extraWatchVolumes }}
+ - name: {{ $val }}
+ mountPath: {{ printf "/watch/extra-%d" (int $idx) }}
+ {{- end }}
{{- with .Values.hotReload.resources }}
resources:
{{- toYaml . | nindent 12 }}
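Review bot: the added volumeMounts entry emits name: {{ $val }} unquoted, and nothing checks that each hotReload.extraWatchVolumes entry names a volume that actually exists on the pod, so a typo only surfaces when the API server rejects the pod. Consider quoting the value and failing the render when the name is missing from extraVolumes. Since the reloader only watches these directories, readOnly: true on the added mounts would also fit.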
@@ -132,7 +139,7 @@ volumes:
{{- if or .Values.luaScripts .Values.hotReload.enabled }}
- name: luascripts
configMap:
- name: {{ include "fluent-bit.fullname" . }}-luascripts
+ name: {{ include "fluent-bit.fullname" . }}-luascripts
{{- end }}
{{- if eq .Values.kind "DaemonSet" }}
{{- toYaml .Values.daemonSetVolumes | nindent 2 }}
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/configmap-luascripts.yaml b/packages/system/monitoring-agents/charts/fluent-bit/templates/configmap-luascripts.yaml
index c9d152c9..451e433d 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/configmap-luascripts.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/configmap-luascripts.yaml
@@ -8,6 +8,6 @@ metadata:
{{- include "fluent-bit.labels" . | nindent 4 }}
data:
{{ range $key, $value := .Values.luaScripts }}
- {{ $key }}: {{ $value | quote }}
+ {{ $key }}: {{ (tpl $value $) | quote }}
{{ end }}
{{- end -}}
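Review bot: passing every luaScripts value through tpl changes how existing scripts are rendered: any {{ in a script, which is ordinary Lua for a nested table constructor such as {{1, 2}, {3, 4}}, is now parsed as a template action and will fail the render or alter the script. It also gives script text access to the full chart context ($). Please document the escaping requirement in the README next to the templating note, or make templating opt-in per script.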
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/psp.yaml b/packages/system/monitoring-agents/charts/fluent-bit/templates/psp.yaml
index 20b38ec9..2e7f500c 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/psp.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/psp.yaml
@@ -20,12 +20,15 @@ spec:
hostNetwork: {{ .Values.hostNetwork }}
hostIPC: false
hostPID: false
+{{- with .Values.podSecurityPolicy.runAsUser }}
runAsUser:
- # TODO: Require the container to run without root privileges.
- rule: 'RunAsAny'
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.podSecurityPolicy.seLinux }}
seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+
supplementalGroups:
rule: 'MustRunAs'
ranges:
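Review bot: wrapping runAsUser and seLinux in with blocks means an empty or unset podSecurityPolicy.runAsUser or podSecurityPolicy.seLinux drops the key from the rendered PodSecurityPolicy instead of failing the render. Both are required fields of the PSP spec, so use required (or a default) rather than with. The hunk also deletes the TODO about requiring the container to run without root privileges while the default in values.yaml stays RunAsAny; keep the TODO or move it next to that default.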
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/scc.yaml b/packages/system/monitoring-agents/charts/fluent-bit/templates/scc.yaml
index 5c599106..b9ed6d64 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/scc.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/scc.yaml
@@ -24,10 +24,14 @@ forbiddenSysctls:
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
+{{- with .Values.openShift.securityContextConstraints.runAsUser }}
runAsUser:
- type: RunAsAny
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.openShift.securityContextConstraints.seLinuxContext }}
seLinuxContext:
- type: MustRunAs
+ {{- toYaml . | nindent 4 }}
+{{- end }}
supplementalGroups:
type: RunAsAny
volumes:
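Review bot: the with blocks around runAsUser and seLinuxContext silently omit the key when openShift.securityContextConstraints.runAsUser or seLinuxContext is empty, so a values typo changes which user or SELinux context the SCC admits without any error. Prefer required or an explicit default here.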
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/tests/test-connection.yaml b/packages/system/monitoring-agents/charts/fluent-bit/templates/tests/test-connection.yaml
index 3d464fa6..4852059c 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/tests/test-connection.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/tests/test-connection.yaml
@@ -17,7 +17,7 @@ spec:
image: {{ include "fluent-bit.image" .Values.testFramework.image | quote }}
imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }}
command: ["sh"]
- args: ["-c", "wget -O- {{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}"]
+ args: ["-c", "sleep 5s && wget -O- {{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}"]
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
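Review bot: the fixed sleep 5s in args hides the startup race rather than handling it; on a slow node the test still fails and on a fast one it wastes five seconds. A short retry loop around wget with an upper bound on attempts would be more reliable.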
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/templates/vpa.yaml b/packages/system/monitoring-agents/charts/fluent-bit/templates/vpa.yaml
index 839479e5..58dfaa09 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/templates/vpa.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/templates/vpa.yaml
@@ -15,7 +15,7 @@ spec:
containerPolicies:
- containerName: {{ .Chart.Name }}
{{- with .Values.autoscaling.vpa.controlledResources }}
- controlledResources:
+ controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.autoscaling.vpa.maxAllowed }}
diff --git a/packages/system/monitoring-agents/charts/fluent-bit/values.yaml b/packages/system/monitoring-agents/charts/fluent-bit/values.yaml
index d84ab662..f13c014c 100644
--- a/packages/system/monitoring-agents/charts/fluent-bit/values.yaml
+++ b/packages/system/monitoring-agents/charts/fluent-bit/values.yaml
@@ -45,6 +45,11 @@ rbac:
podSecurityPolicy:
create: false
annotations: {}
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
# OpenShift-specific configuration
openShift:
@@ -54,6 +59,10 @@ openShift:
create: true
name: ""
annotations: {}
+ runAsUser:
+ type: RunAsAny
+ seLinuxContext:
+ type: MustRunAs
# Use existing SCC in cluster, rather then create new one
existingName: ""
@@ -98,14 +107,13 @@ service:
# nodePort: 30020
# clusterIP: 172.16.10.1
annotations: {}
-# prometheus.io/path: "/api/v1/metrics/prometheus"
-# prometheus.io/port: "2020"
-# prometheus.io/scrape: "true"
+ # prometheus.io/path: "/api/v1/metrics/prometheus"
+ # prometheus.io/port: "2020"
+ # prometheus.io/scrape: "true"
externalIPs: []
# externalIPs:
# - 2.2.2.2
-
serviceMonitor:
enabled: false
# namespace: monitoring
@@ -362,6 +370,7 @@ networkPolicy:
# ingress:
# from: []
+# See Lua script configuration example in README.md
luaScripts: {}
## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file
@@ -506,7 +515,8 @@ hotReload:
enabled: false
image:
repository: ghcr.io/jimmidyson/configmap-reload
- tag: v0.11.1
+ tag: v0.14.0
digest:
pullPolicy: IfNotPresent
resources: {}
+ extraWatchVolumes: []
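Review bot: the configmap-reload tag moves to v0.14.0 while digest: stays empty, so the sidecar image is still resolved by a mutable tag. Since this block is being touched anyway, consider filling in the digest for the new version.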
diff --git a/packages/system/monitoring-agents/charts/kube-state-metrics/Chart.yaml b/packages/system/monitoring-agents/charts/kube-state-metrics/Chart.yaml
index 75521331..cb98805b 100644
--- a/packages/system/monitoring-agents/charts/kube-state-metrics/Chart.yaml
+++ b/packages/system/monitoring-agents/charts/kube-state-metrics/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
-appVersion: 2.13.0
+appVersion: 2.15.0
description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/
keywords:
@@ -15,12 +15,15 @@ keywords:
maintainers:
- email: tariq.ibrahim@mulesoft.com
name: tariq1890
+ url: https://github.com/tariq1890
- email: manuel@rueg.eu
name: mrueg
+ url: https://github.com/mrueg
- email: david@0xdc.me
name: dotdc
+ url: https://github.com/dotdc
name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
-version: 5.26.0
+version: 5.30.1
diff --git a/packages/system/monitoring-agents/charts/kube-state-metrics/templates/deployment.yaml b/packages/system/monitoring-agents/charts/kube-state-metrics/templates/deployment.yaml
index 2aff1888..93664085 100644
--- a/packages/system/monitoring-agents/charts/kube-state-metrics/templates/deployment.yaml
+++ b/packages/system/monitoring-agents/charts/kube-state-metrics/templates/deployment.yaml
@@ -66,11 +66,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ {{- if .Values.env }}
+ {{- toYaml .Values.env | nindent 8 }}
+ {{- end }}
+ {{ else }}
+ {{- if .Values.env }}
+ env:
+ {{- toYaml .Values.env | nindent 8 }}
+ {{- end }}
{{- end }}
args:
{{- if .Values.extraArgs }}
{{- .Values.extraArgs | toYaml | nindent 8 }}
{{- end }}
+ {{- if .Values.kubeRBACProxy.enabled }}
+ - --host=127.0.0.1
+ {{- end }}
- --port={{ $servicePort }}
{{- if .Values.collectors }}
- --resources={{ .Values.collectors | join "," }}
@@ -163,8 +174,13 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /healthz
+ {{- if .Values.kubeRBACProxy.enabled }}
+ port: {{ .Values.service.port | default 8080 }}
+ scheme: HTTPS
+ {{- else }}
port: {{ $servicePort }}
scheme: {{ upper .Values.startupProbe.httpGet.scheme }}
+ {{- end }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
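Review bot: with kubeRBACProxy.enabled the startup probe targets .Values.service.port | default 8080 over HTTPS, while the else branch uses $servicePort; the port should come from one place so the two branches cannot drift. Kubelet probes carry no credentials, so please also confirm the proxy serves /healthz without authentication, otherwise the container never passes its startup probe.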
@@ -182,8 +198,13 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /livez
+ {{- if .Values.kubeRBACProxy.enabled }}
+ port: {{ .Values.service.port | default 8080 }}
+ scheme: HTTPS
+ {{- else }}
port: {{ $servicePort }}
scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
+ {{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
@@ -200,8 +221,13 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /readyz
- port: {{ $servicePort }}
+ {{- if .Values.kubeRBACProxy.enabled }}
+ port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ scheme: HTTPS
+ {{- else }}
+ port: {{ $telemetryPort }}
scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
+ {{- end }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
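Review bot: the else branch changes the readiness port from $servicePort to $telemetryPort, which alters behaviour for installs that do not enable kubeRBACProxy and is unrelated to the proxy change; call it out in the changelog or split it into its own commit. The proxy branch also reads .Values.selfMonitor.telemetryPort | default 8081 instead of $telemetryPort, so the same port is computed two ways.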
@@ -299,7 +325,11 @@ spec:
{{- end }}
{{- if .Values.affinity }}
affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ {{- if kindIs "map" .Values.affinity }}
+ {{- toYaml .Values.affinity | nindent 8 }}
+ {{- else }}
+ {{- tpl .Values.affinity $ | nindent 8 }}
+ {{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
diff --git a/packages/system/monitoring-agents/charts/kube-state-metrics/templates/role.yaml b/packages/system/monitoring-agents/charts/kube-state-metrics/templates/role.yaml
index d33687f2..ff7ea1b4 100644
--- a/packages/system/monitoring-agents/charts/kube-state-metrics/templates/role.yaml
+++ b/packages/system/monitoring-agents/charts/kube-state-metrics/templates/role.yaml
@@ -105,6 +105,30 @@ rules:
- networkpolicies
verbs: ["list", "watch"]
{{ end -}}
+{{ if has "ingressclasses" $.Values.collectors }}
+- apiGroups: ["networking.k8s.io"]
+ resources:
+ - ingressclasses
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "clusterrolebindings" $.Values.collectors }}
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - clusterrolebindings
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "clusterroles" $.Values.collectors }}
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - clusterroles
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "roles" $.Values.collectors }}
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ verbs: ["list", "watch"]
+{{ end -}}
{{ if has "nodes" $.Values.collectors }}
- apiGroups: [""]
resources:
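Review bot: the new rules grant list and watch on clusterrolebindings, clusterroles and roles when those collectors are enabled, which publishes the cluster's RBAC layout through the metrics endpoint. They are commented out in values.yaml, which is the right default; add a sentence there noting that enabling them exposes role and binding names to anything that can scrape kube-state-metrics.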
diff --git a/packages/system/monitoring-agents/charts/kube-state-metrics/values.yaml b/packages/system/monitoring-agents/charts/kube-state-metrics/values.yaml
index a7b2bdad..49571fbc 100644
--- a/packages/system/monitoring-agents/charts/kube-state-metrics/values.yaml
+++ b/packages/system/monitoring-agents/charts/kube-state-metrics/values.yaml
@@ -106,7 +106,7 @@ kubeRBACProxy:
image:
registry: quay.io
repository: brancz/kube-rbac-proxy
- tag: v0.18.0
+ tag: v0.18.2
sha: ""
pullPolicy: IfNotPresent
@@ -160,6 +160,13 @@ serviceAccount:
# If false then the user will opt out of automounting API credentials.
automountServiceAccountToken: true
+# Additional Environment variables
+env: {}
+ # - name: GOMAXPROCS
+ # valueFrom:
+ # resourceFieldRef:
+ # resource: limits.cpu
+
prometheus:
monitor:
enabled: false
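Review bot: env defaults to {} (a map), but the commented example below it and the deployment template treat it as a list of name/value entries. Use env: [] so the default type matches what the template renders and what values validation should expect.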
@@ -297,8 +304,16 @@ containerSecurityContext:
nodeSelector: {}
## Affinity settings for pod assignment
+## Can be defined as either a dict or string. String is useful for `tpl` templating.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
affinity: {}
+# affinity: |
+# podAntiAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# - labelSelector:
+# matchLabels:
+# {{- include "kube-state-metrics.selectorLabels" . | indent 10 }}
+# topologyKey: kubernetes.io/hostname
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
@@ -382,6 +397,10 @@ collectors:
- storageclasses
- validatingwebhookconfigurations
- volumeattachments
+ # - ingressclasses
+ # - clusterrolebindings
+ # - clusterroles
+ # - roles
# Enabling kubeconfig will pass the --kubeconfig argument to the container
kubeconfig:
diff --git a/packages/system/monitoring-agents/charts/metrics-server/RELEASE.md b/packages/system/monitoring-agents/charts/metrics-server/RELEASE.md
index e69de29b..8b137891 100644
--- a/packages/system/monitoring-agents/charts/metrics-server/RELEASE.md
+++ b/packages/system/monitoring-agents/charts/metrics-server/RELEASE.md
@@ -0,0 +1 @@
+
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/.helmignore b/packages/system/monitoring-agents/charts/prometheus-node-exporter/.helmignore
index f0c13194..2846d361 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/.helmignore
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/.helmignore
@@ -19,3 +19,5 @@
.project
.idea/
*.tmproj
+
+ci/
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/Chart.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/Chart.yaml
index 626592ca..3cb29d11 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/Chart.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
-appVersion: 1.8.2
+appVersion: 1.9.0
description: A Helm chart for prometheus node-exporter
home: https://github.com/prometheus/node_exporter/
keywords:
@@ -14,12 +14,15 @@ keywords:
maintainers:
- email: gianrubio@gmail.com
name: gianrubio
+ url: https://github.com/gianrubio
- email: zanhsieh@gmail.com
name: zanhsieh
+ url: https://github.com/zanhsieh
- email: rootsandtrees@posteo.de
name: zeritti
+ url: https://github.com/zeritti
name: prometheus-node-exporter
sources:
- https://github.com/prometheus/node_exporter/
type: application
-version: 4.40.0
+version: 4.44.1
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/README.md b/packages/system/monitoring-agents/charts/prometheus-node-exporter/README.md
index ef838441..fd833955 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/README.md
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/README.md
@@ -50,7 +50,7 @@ kubectl delete daemonset -l app=prometheus-node-exporter
helm upgrade -i prometheus-node-exporter prometheus-community/prometheus-node-exporter
```
-If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels.
+If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels.
### From 2.x to 3.x
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/common-labels-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/common-labels-values.yaml
deleted file mode 100644
index 719e9356..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/common-labels-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-commonLabels:
- foo: bar
- baz: '{{ include "prometheus-node-exporter.fullname" . }}'
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/default-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/default-values.yaml
deleted file mode 100644
index 39d98f71..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/default-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-## Default values test case
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/networkpolicy-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/networkpolicy-values.yaml
deleted file mode 100644
index bcea8de4..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/networkpolicy-values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-networkPolicy:
- enabled: true
- ingress:
- - ports:
- - port: 9100
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/pod-labels-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/pod-labels-values.yaml
deleted file mode 100644
index 7de36a6a..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/pod-labels-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-podLabels:
- foo: bar
- baz: '{{ .Chart.AppVersion }}'
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/port-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/port-values.yaml
deleted file mode 100644
index dbfb4b67..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/port-values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-service:
- targetPort: 9102
- port: 9102
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/service-labels-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/service-labels-values.yaml
deleted file mode 100644
index 9c5e3650..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/service-labels-values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-service:
- labels:
- foo: bar
- baz: quux
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/serviceport-values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/serviceport-values.yaml
deleted file mode 100644
index b0b7be65..00000000
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/ci/serviceport-values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-service:
- servicePort: 80
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/NOTES.txt b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/NOTES.txt
index 053bfd09..db8584de 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/NOTES.txt
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/NOTES.txt
@@ -26,4 +26,4 @@ rules:
verbs:
- get
```
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/_helpers.tpl b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/_helpers.tpl
index 6f6518b7..890c487a 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/_helpers.tpl
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/_helpers.tpl
@@ -200,3 +200,38 @@ labelValueLengthLimit: {{ . }}
{{- end }}
{{- end }}
{{- end }}
+
+{{/*
+The default node affinity to exclude
+- AWS Fargate
+- Azure virtual nodes
+*/}}
+{{- define "prometheus-node-exporter.defaultAffinity" -}}
+nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: eks.amazonaws.com/compute-type
+ operator: NotIn
+ values:
+ - fargate
+ - key: type
+ operator: NotIn
+ values:
+ - virtual-kubelet
+{{- end -}}
+{{- define "prometheus-node-exporter.mergedAffinities" -}}
+{{- $defaultAffinity := include "prometheus-node-exporter.defaultAffinity" . | fromYaml -}}
+{{- with .Values.affinity -}}
+ {{- if .nodeAffinity -}}
+ {{- $_ := set $defaultAffinity "nodeAffinity" (mergeOverwrite $defaultAffinity.nodeAffinity .nodeAffinity) -}}
+ {{- end -}}
+ {{- if .podAffinity -}}
+ {{- $_ := set $defaultAffinity "podAffinity" .podAffinity -}}
+ {{- end -}}
+ {{- if .podAntiAffinity -}}
+ {{- $_ := set $defaultAffinity "podAntiAffinity" .podAntiAffinity -}}
+ {{- end -}}
+{{- end -}}
+{{- toYaml $defaultAffinity -}}
+{{- end -}}
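Review bot: in mergedAffinities, mergeOverwrite on nodeAffinity does not combine lists, so a user-supplied nodeSelectorTerms replaces the default term wholesale and the Fargate and virtual-kubelet exclusions disappear without notice. Document that behaviour in the comment block above defaultAffinity, or append the default matchExpressions to each user term. Because the template always returns the default, affinity: {} in values no longer omits the field from the DaemonSet; that change deserves a line in the upgrade notes.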
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/daemonset.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/daemonset.yaml
index 37ac60e6..e3ac2f18 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/daemonset.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/daemonset.yaml
@@ -178,6 +178,9 @@ spec:
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
{{- range .Values.sidecars }}
{{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }}
{{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }}
@@ -193,9 +196,24 @@ spec:
- --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }}
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
+ {{- if and .Values.kubeRBACProxy.tls.enabled .Values.tlsSecret.enabled }}
+ - --tls-cert-file=/tls/private/{{ .Values.tlsSecret.certItem }}
+ - --tls-private-key-file=/tls/private/{{ .Values.tlsSecret.keyItem }}
+ {{- if and .Values.kubeRBACProxy.tls.tlsClientAuth .Values.tlsSecret.caItem }}
+ - --client-ca-file=/tls/private/{{ .Values.tlsSecret.caItem }}
+ {{- end }}
+ {{- end }}
volumeMounts:
- name: kube-rbac-proxy-config
mountPath: /etc/kube-rbac-proxy-config
+ {{- if and .Values.kubeRBACProxy.tls.enabled .Values.tlsSecret.enabled }}
+ - name: {{ tpl .Values.tlsSecret.volumeName . | quote }}
+ mountPath: /tls/private
+ readOnly: true
+ {{- end }}
+ {{- with .Values.kubeRBACProxy.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
{{- if .Values.kubeRBACProxy.image.sha }}
image: "{{ .Values.global.imageRegistry | default .Values.kubeRBACProxy.image.registry}}/{{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}@sha256:{{ .Values.kubeRBACProxy.image.sha }}"
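Review bot: --client-ca-file is added only when both kubeRBACProxy.tls.tlsClientAuth and tlsSecret.caItem are set, so tlsClientAuth: true with an empty caItem renders a proxy that serves TLS without verifying client certificates and gives no error. Fail the render in that case, for example with required on tlsSecret.caItem inside the tlsClientAuth branch.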
@@ -249,10 +267,8 @@ spec:
hostNetwork: {{ .Values.hostNetwork }}
hostPID: {{ .Values.hostPID }}
hostIPC: {{ .Values.hostIPC }}
- {{- with .Values.affinity }}
affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- include "prometheus-node-exporter.mergedAffinities" . | nindent 8 }}
{{- with .Values.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
@@ -313,3 +329,20 @@ spec:
configMap:
name: {{ template "prometheus-node-exporter.fullname" . }}-rbac-config
{{- end }}
+ {{- if .Values.tlsSecret.enabled }}
+ - name: {{ tpl .Values.tlsSecret.volumeName . | quote }}
+ secret:
+ secretName: {{ tpl .Values.tlsSecret.secretName . | quote }}
+ items:
+ - key: {{ required "Value tlsSecret.certItem must be set." .Values.tlsSecret.certItem | quote }}
+ path: {{ .Values.tlsSecret.certItem | quote }}
+ - key: {{ required "Value tlsSecret.keyItem must be set." .Values.tlsSecret.keyItem | quote }}
+ path: {{ .Values.tlsSecret.keyItem | quote }}
+ {{- if .Values.tlsSecret.caItem }}
+ - key: {{ .Values.tlsSecret.caItem | quote }}
+ path: {{ .Values.tlsSecret.caItem | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
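Review bot: certItem and keyItem are guarded with required, but tlsSecret.secretName and tlsSecret.volumeName go through tpl unchecked, so an empty value renders an unnamed secret volume that is only rejected at apply time. Apply required to those two as well. The volume is also created whenever tlsSecret.enabled is true, while the mount in the kube-rbac-proxy container additionally needs kubeRBACProxy.tls.enabled; aligning the two conditions avoids a secret volume that nothing mounts.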
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml
index 210e00b2..89573172 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml
@@ -3,7 +3,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psp-{{ include "prometheus-node-exporter.fullname" . }}
- labels:
+ labels:
{{- include "prometheus-node-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: ['extensions']
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/rbac-configmap.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/rbac-configmap.yaml
index 3936cbdf..814e1103 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/rbac-configmap.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/rbac-configmap.yaml
@@ -13,4 +13,4 @@ data:
resource: services
subresource: {{ template "prometheus-node-exporter.fullname" . }}
name: {{ template "prometheus-node-exporter.fullname" . }}
-{{- end }}
+{{- end }}
\ No newline at end of file
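Review bot: the only effect of this hunk is that `{{- end }}` loses its trailing newline ("No newline at end of file"). Unless that comes verbatim from the upstream chart, restore the final newline so the file keeps a clean ending and later diffs stay quiet.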
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/serviceaccount.yaml
index 7402da59..462b0cda 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/serviceaccount.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/serviceaccount.yaml
@@ -4,7 +4,7 @@ kind: ServiceAccount
metadata:
name: {{ include "prometheus-node-exporter.serviceAccountName" . }}
namespace: {{ include "prometheus-node-exporter.namespace" . }}
- labels:
+ labels:
{{- include "prometheus-node-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/servicemonitor.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/servicemonitor.yaml
index 0d7a42ea..96ec1af5 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/servicemonitor.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/templates/servicemonitor.yaml
@@ -16,6 +16,10 @@ spec:
podTargetLabels:
{{- toYaml . | nindent 4 }}
{{- end }}
+ {{- with .Values.prometheus.monitor.targetLabels }}
+ targetLabels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
selector:
matchLabels:
{{- with .Values.prometheus.monitor.selectorOverride }}
diff --git a/packages/system/monitoring-agents/charts/prometheus-node-exporter/values.yaml b/packages/system/monitoring-agents/charts/prometheus-node-exporter/values.yaml
index 73a8f4a2..499190cd 100644
--- a/packages/system/monitoring-agents/charts/prometheus-node-exporter/values.yaml
+++ b/packages/system/monitoring-agents/charts/prometheus-node-exporter/values.yaml
@@ -45,7 +45,7 @@ kubeRBACProxy:
image:
registry: quay.io
repository: brancz/kube-rbac-proxy
- tag: v0.18.0
+ tag: v0.18.2
sha: ""
pullPolicy: IfNotPresent
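Review bot: the kube-rbac-proxy bump to `tag: v0.18.2` leaves `sha: ""` on the next line, so the image is still pulled by a mutable tag. Since this container fronts the metrics endpoint and does the authorization, set `sha` to the digest of the reviewed v0.18.2 image so that the deployed bits match what was tested, and note in the commit message what the bump is for.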
@@ -84,6 +84,37 @@ kubeRBACProxy:
# cpu: 10m
# memory: 32Mi
+ ## Additional volume mounts in the kube-rbac-proxy container
+ ## See extraVolumes below
+ extraVolumeMounts: []
+ # - name: extra-volume
+ # mountPath: /extra
+ # readOnly: true
+
+ ## tls enables using TLS resources from a volume on secret referred to in tlsSecret below.
+ ## When enabling tlsClientAuth, client CA certificate must be set in tlsSecret.caItem.
+ ## Ref. https://github.com/brancz/kube-rbac-proxy/issues/187
+ tls:
+ enabled: false
+ tlsClientAuth: false
+
+## tlsSecret refers to an existing secret holding TLS items: client CA certificate, private key and certificate.
+## secretName and volumeName can be templated.
+## If enabled, volume volumeName gets created on secret secretName.
+## The volume's resources will be used by kube-rbac-proxy if kubeRBACProxy.tls.enabled is set.
+tlsSecret:
+ enabled: false
+ ## Key with client CA certificate (optional)
+ caItem: ""
+ ## Key with certificate
+ certItem: tls.crt
+ ## Key with private key
+ keyItem: tls.key
+ ## Name of an existing secret
+ secretName: prometheus-node-exporter-tls
+ ## Name of the volume to be created
+ volumeName: prometheus-node-exporter-tls
+
## Service configuration
service:
## Creating a service is enabled by default
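Review bot: `kubeRBACProxy.tls.enabled` and `tlsSecret.enabled` are independent switches, and the comment "client CA certificate must be set in tlsSecret.caItem" for `tlsClientAuth` is documentation only; nothing visible in the values or in the volume template enforces either dependency. Setting `tls.enabled: true` with `tlsSecret.enabled: false`, or `tlsClientAuth: true` with the default `caItem: ""`, should fail at render time rather than produce a proxy without the files it expects. A `fail` or `required` guard in the template, plus a sentence here stating that both toggles must be set together, would close that gap.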
@@ -148,9 +179,13 @@ prometheus:
jobLabel: ""
# List of pod labels to add to node exporter metrics
- # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor
+ # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
podTargetLabels: []
+ # List of target labels to add to node exporter metrics
+ # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
+ targetLabels: []
+
scheme: http
basicAuth: {}
bearerTokenFile:
@@ -197,7 +232,7 @@ prometheus:
labelValueLengthLimit: 0
# PodMonitor defines monitoring for a set of pods.
- # ref. https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor
+ # ref. https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmonitor
# Using a PodMonitor may be preferred in some environments where there is very large number
# of Node Exporter endpoints (1000+) behind a single service.
# The PodMonitor is disabled by default. When switching from ServiceMonitor to PodMonitor,
@@ -238,10 +273,10 @@ prometheus:
# TLS configuration to use when scraping the endpoint.
tlsConfig: {}
# Authorization section for this endpoint.
- # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.SafeAuthorization
+ # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#safeauthorization
authorization: {}
# OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
- # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.OAuth2
+ # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#oauth2
oauth2: {}
# ProxyURL eg http://proxyserver:2195. Directs scrapes through proxy to this endpoint.
@@ -373,7 +408,8 @@ hostSysFsMount:
mountPropagation: ""
## Assign a group of affinity scheduling rules
-##
+## The default nodeAffinity excludes Fargate nodes and virtual kubelets from scheduling
+## unless overriden by hard node affinity set in the field.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
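Review bot: the new comment above `affinity: {}` has a typo ("overriden") and "set in the field" does not say which field. Suggest naming it, for example "unless overridden by a hard node affinity set in `affinity.nodeAffinity`", and stating that a user-supplied value replaces the default exclusions rather than merging with them, if that is the behaviour.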
@@ -461,9 +497,11 @@ extraHostVolumeMounts: []
configmaps: []
# - name:
# mountPath:
+
secrets: []
# - name:
# mountPath:
+
## Override the deployment namespace
##
namespaceOverride: ""
@@ -562,5 +600,19 @@ extraManifests: []
# data:
# extra-data: "value"
+## Extra volumes to become available in the pod
+extraVolumes: []
+ # - name: extra-volume
+ # secret:
+ # defaultMode: 420
+ # optional: false
+ # secretName: node-exporter-secret
+
+## Extra volume mounts in the node-exporter container
+extraVolumeMounts: []
+ # - name: extra-volume
+ # mountPath: /extra
+ # readOnly: true
+
# Override version of app, required if image.tag is defined and does not follow semver
version: ""
diff --git a/packages/system/monitoring-agents/values.yaml b/packages/system/monitoring-agents/values.yaml
index d7cb50af..4f1694e3 100644
--- a/packages/system/monitoring-agents/values.yaml
+++ b/packages/system/monitoring-agents/values.yaml
@@ -28,6 +28,8 @@ metrics-server:
name: vmalertmanager-alertmanager
kube-state-metrics:
+ extraArgs:
+ - --metric-labels-allowlist=pods=[*],deployments=[*]
rbac:
extraRules:
- apiGroups:
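Review bot: `--metric-labels-allowlist=pods=[*],deployments=[*]` exports every label on every pod and deployment as a metric label. That raises series cardinality on large clusters and makes all label values, including tenant-chosen ones, readable by anyone who can query the metrics backend. If only a few labels are needed for dashboards or alert routing, list them explicitly (`pods=[app.kubernetes.io/name,...]`), or add a comment explaining why the wildcard is required.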
diff --git a/packages/system/piraeus-operator/alerts/piraeus-datastore.yaml b/packages/system/piraeus-operator/alerts/piraeus-datastore.yaml
new file mode 100644
index 00000000..77512847
--- /dev/null
+++ b/packages/system/piraeus-operator/alerts/piraeus-datastore.yaml
@@ -0,0 +1,116 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: piraeus-datastore
+spec:
+ groups:
+ - name: linstor.rules
+ rules:
+ - alert: linstorControllerOffline
+ annotations:
+ description: |
+ LINSTOR Controller is not reachable.
+ expr: up{job="linstor-controller"} == 0
+ labels:
+ severity: critical
+ - alert: linstorSatelliteErrorRate
+ annotations:
+ description: |
+ LINSTOR Satellite "{{ $labels.name }}" reports {{ $value }} errors in the last 15 minutes.
+ Use "linstor error-reports list --nodes {{ $labels.name }} --since 15minutes" to see them.
+ expr: increase(linstor_error_reports_count{module="SATELLITE"}[15m]) > 0
+ labels:
+ severity: warning
+ - alert: linstorControllerErrorRate
+ annotations:
+ description: |
+ LINSTOR Controller reports {{ $value }} errors in the last 15 minutes.
+ Use "linstor error-reports list --since 15minutes" to see them.
+ expr: increase(linstor_error_reports_count{module="CONTROLLER"}[15m]) > 0
+ labels:
+ severity: warning
+ - alert: linstorSatelliteNotOnline
+ annotations:
+ description: |
+ LINSTOR Satellite "{{ $labels.name }}" is not ONLINE.
+ Check that the Satellite is running and reachable from the LINSTOR Controller.
+ expr: linstor_node_state{nodetype="SATELLITE"} != 2
+ labels:
+ severity: critical
+ - alert: linstorStoragePoolErrors
+ annotations:
+ description: |
+ Storage pool "{{ $labels.storage_pool }}" on node "{{ $labels.node }}" ({{ $labels.driver }}={{ $labels.backing_pool }}) is reporting errors.
+ expr: linstor_storage_pool_error_count > 0
+ labels:
+ severity: critical
+ - alert: linstorStoragePoolAtCapacity
+ annotations:
+ description: |
+ Storage pool "{{ $labels.storage_pool }}" on node "{{ $labels.node }}" ({{ $labels.driver }}={{ $labels.backing_pool }}) has less than 20% free space available.
+ expr: ( linstor_storage_pool_capacity_free_bytes / linstor_storage_pool_capacity_total_bytes ) < 0.20
+ labels:
+ severity: warn
+ - name: drbd.rules
+ rules:
+ - alert: drbdReactorOffline
+ annotations:
+ description: |
+ DRBD Reactor on "{{ $labels.node }}" is not reachable.
+ expr: up{job="piraeus-datastore/linstor-satellite"} == 0
+ labels:
+ severity: critical
+ - alert: drbdConnectionNotConnected
+ annotations:
+ description: |
+ DRBD Resource "{{ $labels.name }}" on "{{ $labels.node }}" is not connected to "{{ $labels.conn_name }}": {{ $labels.drbd_connection_state }}.
+ expr: drbd_connection_state{drbd_connection_state!="Connected"} > 0
+ labels:
+ severity: warn
+ - alert: drbdDeviceNotUpToDate
+ annotations:
+ description: |
+ DRBD device "{{ $labels.name }}" on "{{ $labels.node }}" has unexpected device state "{{ $labels.drbd_device_state }}".
+ expr: drbd_device_state{drbd_device_state!~"UpToDate|Diskless"} > 0
+ labels:
+ severity: warn
+ - alert: drbdDeviceUnintentionalDiskless
+ annotations:
+ description: |
+ DRBD device "{{ $labels.name }}" on "{{ $labels.node }}" is unintenionally diskless.
+ This usually indicates IO errors reported on the backing device. Check the kernel log.
+ expr: drbd_device_unintentionaldiskless > 0
+ labels:
+ severity: warn
+ - alert: drbdDeviceWithoutQuorum
+ annotations:
+ description: |
+ DRBD device "{{ $labels.name }}" on "{{ $labels.node }}" has no quorum.
+ This usually indicates connectivity issues.
+ expr: drbd_device_quorum == 0
+ labels:
+ severity: warn
+ - alert: drbdResourceSuspended
+ annotations:
+ description: |
+ DRBD resource "{{ $labels.name }}" on "{{ $labels.node }}" has been suspended for 1m.
+ for: 1m
+ expr: drbd_resource_suspended > 0
+ labels:
+ severity: warn
+ - alert: drbdResourceResyncWithoutProgress
+ annotations:
+ description: |
+ DRBD resource "{{ $labels.name }}" on "{{ $labels.node }}" has been in Inconsistent without resync progress for 5 minutes.
+ This may indicate there is no connection to UpToDate data, or a stuck resync.
+ expr: drbd_device_state{drbd_device_state="Inconsistent"} and delta(drbd_peerdevice_outofsync_bytes[5m]) >= 0
+ labels:
+ severity: warn
+ - alert: drbdResourceWithNoUpToDateReplicas
+ annotations:
+ description: |
+ DRBD resource "{{ $labels.name }}" has no UpToDate replicas.
+ expr: sum by (name) (drbd_device_state{drbd_device_state="UpToDate"}) == 0
+ labels:
+ severity: critical
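Review bot: the `severity` label is inconsistent in this file: `linstorSatelliteErrorRate` and `linstorControllerErrorRate` use `warning`, while `linstorStoragePoolAtCapacity` and all non-critical `drbd.rules` alerts use `warn`. Alertmanager routes that match on `severity="warning"` will not see the `warn` alerts, so pick one value and use it throughout. Also, apart from `drbdResourceSuspended`, none of the rules has a `for:` clause, so a single failed scrape (`up == 0`) or a brief state change fires immediately; and `drbdDeviceUnintentionalDiskless` has a typo in its description ("unintenionally").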
diff --git a/packages/system/piraeus-operator/templates/alerts.yaml b/packages/system/piraeus-operator/templates/alerts.yaml
new file mode 100644
index 00000000..70d47014
--- /dev/null
+++ b/packages/system/piraeus-operator/templates/alerts.yaml
@@ -0,0 +1,7 @@
+{{- $files := .Files.Glob "alerts/*.yaml" -}}
+{{- range $path, $file := $files }}
+---
+# from: {{ $path }}
+{{ toString $file }}
+
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/Chart.yaml b/packages/system/vertical-pod-autoscaler/Chart.yaml
new file mode 100644
index 00000000..c4b24641
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-vertical-pod-autoscaler
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/system/vertical-pod-autoscaler/Makefile b/packages/system/vertical-pod-autoscaler/Makefile
new file mode 100644
index 00000000..465eef91
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/Makefile
@@ -0,0 +1,11 @@
+export NAME=victoria-metrics-operator
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ # VictoriaMetrics operator
+ helm repo add cowboysysop https://cowboysysop.github.io/charts/
+ helm repo update cowboysysop
+ helm pull cowboysysop/vertical-pod-autoscaler --untar --untardir charts
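Review bot: `export NAME=victoria-metrics-operator` and the comment `# VictoriaMetrics operator` look copied from another package; in the vertical-pod-autoscaler Makefile this makes `NAMESPACE` resolve to `cozy-victoria-metrics-operator`. Set `NAME` to the VPA package name and fix the comment. In the `update` target, `helm pull` has no `--version`, so each run vendors whatever is newest in the repository; pinning the version (the vendored Chart.yaml is 10.0.0) and, since that chart advertises a signing key, pulling with `--verify` would make the vendored copy reproducible and checked.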
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/.helmignore b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.lock b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.lock
new file mode 100644
index 00000000..995337f4
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami/
+ version: 2.21.0
+digest: sha256:e25ca51f064e63a6b2d595f4bb318563de95e5e7ee2534b0457010be6acefc1e
+generated: "2025-01-28T22:38:50.721673297Z"
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.yaml
new file mode 100644
index 00000000..1087bc4b
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ artifacthub.io/signKey: |
+ fingerprint: 9E57D2479D48B84463EF491F66D280CE667AD6C8
+ url: https://cowboysysop.github.io/charts/pgp-public-key-2022-02-19.asc
+ kubeVersion: '>=1.24'
+apiVersion: v2
+appVersion: 1.3.0
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami/
+ version: 2.21.0
+description: Set of components that automatically adjust the amount of CPU and memory
+ requested by pods running in the Kubernetes Cluster
+home: https://github.com/kubernetes/autoscaler
+icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg
+maintainers:
+- email: sebastien.prudhomme@gmail.com
+ name: sebastien-prudhomme
+name: vertical-pod-autoscaler
+sources:
+- https://github.com/kubernetes/autoscaler
+- https://github.com/cowboysysop/charts/tree/master/charts/vertical-pod-autoscaler
+version: 10.0.0
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/LICENSE b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/LICENSE
new file mode 100644
index 00000000..f953294a
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020-present Sébastien Prud'homme
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/README.md b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/README.md
new file mode 100644
index 00000000..b8b4aff8
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/README.md
@@ -0,0 +1,458 @@
+# Vertical Pod Autoscaler
+
+[Vertical Pod Autoscaler](https://github.com/kubernetes/autoscaler) is a set of components that automatically adjust the amount of CPU and memory requested by pods running in the Kubernetes Cluster.
+
+**DISCLAIMER**: This is an unofficial chart not supported by Vertical Pod Autoscaler authors.
+
+## TL;DR;
+
+```bash
+$ helm repo add cowboysysop https://cowboysysop.github.io/charts/
+$ helm install my-release cowboysysop/vertical-pod-autoscaler
+```
+
+## Introduction
+
+This chart bootstraps a Vertical Pod Autoscaler deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes >= 1.24
+- Metrics Server >= 0.2 (you can use the [bitnami/metrics-server](https://artifacthub.io/packages/helm/bitnami/metrics-server) chart)
+- Helm >= 3.9
+
+## Installing
+
+Install the chart using:
+
+```bash
+$ helm repo add cowboysysop https://cowboysysop.github.io/charts/
+$ helm install my-release cowboysysop/vertical-pod-autoscaler
+```
+
+These commands deploy Vertical Pod Autoscaler on the Kubernetes cluster in the default configuration and with the release name `my-release`. The deployment configuration can be customized by specifying the customization parameters with the `helm install` command using the `--values` or `--set` arguments. Find more information in the [configuration section](#configuration) of this document.
+
+## Upgrading
+
+Upgrade the chart deployment using:
+
+```bash
+$ helm upgrade my-release cowboysysop/vertical-pod-autoscaler
+```
+
+The command upgrades the existing `my-release` deployment with the most latest release of the chart.
+
+**TIP**: Use `helm repo update` to update information on available charts in the chart repositories.
+
+### Upgrading to version 10.0.0
+
+The application has been updated to a major release, see the release notes for breaking changes:
+
+- https://github.com/kubernetes/autoscaler/releases/tag/vertical-pod-autoscaler-1.3.0
+
+Information about services are no more injected into pod's environment variable.
+
+### Upgrading to version 9.0.0
+
+The chart is now tested with Kubernetes >= 1.24 and Helm >= 3.9.
+
+Future upgrades may introduce undetected breaking changes if you continue to use older versions.
+
+### Upgrading to version 8.0.0
+
+Some parameters related to port management have been modified:
+
+- Parameter `admissionController.metrics.service.port` has been renamed `admissionController.metrics.service.ports.metrics`.
+- Parameter `recommender.metrics.service.port` has been renamed `recommender.metrics.service.ports.metrics`.
+- Parameter `updater.metrics.service.port` has been renamed `updater.metrics.service.ports.metrics`.
+
+### Upgrading to version 7.0.0
+
+Some parameters related to image management have been modified:
+
+- Registry prefix in `image.repository` parameters is now configured in `image.registry`.
+- Parameter `imagePullSecrets` has been renamed `global.imagePullSecrets`.
+
+### Upgrading to version 6.0.0
+
+The application version is no more compatible with Kubernetes 1.19, 1.20 and 1.21.
+
+### Upgrading to version 5.0.0
+
+The application validates that all fields that specify CPU and memory have supported resolution:
+
+- CPU is a whole number of milli CPUs
+- Memory is a whole number of bytes
+
+### Upgrading to version 4.0.0
+
+The application version is no more compatible with Kubernetes 1.16.
+
+Custom resource definitions are now created and upgraded with a pre-install/pre-upgrade job.
+
+### Upgrading to version 3.0.0
+
+The chart is no more compatible with Helm 2.
+
+Refer to the [Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/) for more information.
+
+### Upgrading to version 2.0.0
+
+The port names have been changed to be compatible with Istio service mesh.
+
+## Uninstalling
+
+Uninstall the `my-release` deployment using:
+
+```bash
+$ helm uninstall my-release
+```
+
+The command deletes the release named `my-release` and frees all the kubernetes resources associated with the release.
+
+**TIP**: Specify the `--purge` argument to the above command to remove the release from the store and make its name free for later use.
+
+Delete the `vpa-webhook-config` mutating webhook configuration automatically created by Vertical Pod Autoscaler admission controller component using:
+
+```bash
+$ kubectl delete mutatingwebhookconfiguration vpa-webhook-config
+```
+
+Optionally, delete the custom resource definitions created by the chart using:
+
+**WARNING**: It will also try to delete all instances of the custom resource definitions.
+
+```bash
+$ kubectl delete crd verticalpodautoscalers.autoscaling.k8s.io
+$ kubectl delete crd verticalpodautoscalercheckpoints.autoscaling.k8s.io
+```
+
+## Configuration
+
+### Global parameters
+
+| Name | Description | Default |
+| ------------------------- | ----------------------------------------------- | ------- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+
+### Common parameters
+
+| Name | Description | Default |
+| ------------------- | ------------------------------------------------------------------------------------------------------------ | ------- |
+| `kubeVersion` | Override Kubernetes version | `""` |
+| `nameOverride` | Partially override `vertical-pod-autoscaler.fullname` template with a string (will prepend the release name) | `""` |
+| `fullnameOverride` | Fully override `vertical-pod-autoscaler.fullname` template with a string | `""` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+
+### Admission controller parameters
+
+| Name | Description | Default |
+| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
+| `admissionController.enabled` | Enable the component | `true` |
+| `admissionController.replicaCount` | Number of replicas | `1` |
+| `admissionController.image.registry` | Image registry | `registry.k8s.io` |
+| `admissionController.image.repository` | Image repository | `autoscaling/vpa-admission-controller` |
+| `admissionController.image.tag` | Image tag | `1.3.0` |
+| `admissionController.image.digest` | Image digest | `""` |
+| `admissionController.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `admissionController.pdb.create` | Specifies whether a pod disruption budget should be created | `false` |
+| `admissionController.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
+| `admissionController.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` |
+| `admissionController.serviceAccount.create` | Specifies whether a service account should be created | `true` |
+| `admissionController.serviceAccount.annotations` | Service account annotations | `{}` |
+| `admissionController.serviceAccount.name` | The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set) | `nil` |
+| `admissionController.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `false` |
+| `admissionController.hostAliases` | Pod host aliases | `[]` |
+| `admissionController.deploymentAnnotations` | Additional deployment annotations | `{}` |
+| `admissionController.podAnnotations` | Additional pod annotations | `{}` |
+| `admissionController.podLabels` | Additional pod labels | `{}` |
+| `admissionController.podSecurityContext` | Pod security context | |
+| `admissionController.podSecurityContext.runAsNonRoot` | Whether the container must run as a non-root user | `true` |
+| `admissionController.podSecurityContext.runAsUser` | The UID to run the entrypoint of the container process | `65534` |
+| `admissionController.podSecurityContext.runAsGroup` | The GID to run the entrypoint of the container process | `65534` |
+| `admissionController.hostNetwork` | Use the host network | `false` |
+| `admissionController.priorityClassName` | Priority class name | `nil` |
+| `admissionController.runtimeClassName` | Runtime class name | `""` |
+| `admissionController.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `admissionController.securityContext` | Container security context | `{}` |
+| `admissionController.containerPorts.https` | Container port for HTTPS | `8000` |
+| `admissionController.containerPorts.metrics` | Container port for Metrics | `8944` |
+| `admissionController.livenessProbe.enabled` | Enable liveness probe | `true` |
+| `admissionController.livenessProbe.initialDelaySeconds` | Delay before the liveness probe is initiated | `0` |
+| `admissionController.livenessProbe.periodSeconds` | How often to perform the liveness probe | `10` |
+| `admissionController.livenessProbe.timeoutSeconds` | When the liveness probe times out | `1` |
+| `admissionController.livenessProbe.failureThreshold` | Minimum consecutive failures for the liveness probe to be considered failed after having succeeded | `3` |
+| `admissionController.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
+| `admissionController.readinessProbe.enabled` | Enable readiness probe | `true` |
+| `admissionController.readinessProbe.initialDelaySeconds` | Delay before the readiness probe is initiated | `0` |
+| `admissionController.readinessProbe.periodSeconds` | How often to perform the readiness probe | `10` |
+| `admissionController.readinessProbe.timeoutSeconds` | When the readiness probe times out | `1` |
+| `admissionController.readinessProbe.failureThreshold` | Minimum consecutive failures for the readiness probe to be considered failed after having succeeded | `3` |
+| `admissionController.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
+| `admissionController.startupProbe.enabled` | Enable startup probe | `false` |
+| `admissionController.startupProbe.initialDelaySeconds` | Delay before the startup probe is initiated | `0` |
+| `admissionController.startupProbe.periodSeconds` | How often to perform the startup probe | `10` |
+| `admissionController.startupProbe.timeoutSeconds` | When the startup probe times out | `1` |
+| `admissionController.startupProbe.failureThreshold` | Minimum consecutive failures for the startup probe to be considered failed after having succeeded | `3` |
+| `admissionController.startupProbe.successThreshold` | Minimum consecutive successes for the startup probe to be considered successful after having failed | `1` |
+| `admissionController.service.annotations` | Service annotations | `{}` |
+| `admissionController.service.type` | Service type | `ClusterIP` |
+| `admissionController.service.clusterIP` | Static cluster IP address or None for headless service when service type is ClusterIP | `nil` |
+| `admissionController.service.ipFamilyPolicy` | Service IP family policy | `""` |
+| `admissionController.service.ipFamilies` | Service IP families | `[]` |
+| `admissionController.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `admissionController.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `admissionController.service.ports.https` | Service port for HTTPS (do not change it) | `443` |
+| `admissionController.resources` | CPU/Memory resource requests/limits | `{}` |
+| `admissionController.nodeSelector` | Node labels for pod assignment | `{}` |
+| `admissionController.tolerations` | Tolerations for pod assignment | `[]` |
+| `admissionController.affinity` | Map of node/pod affinities | `{}` |
+| `admissionController.extraArgs` | Additional container arguments | |
+| `admissionController.extraArgs.v` | Number for the log level verbosity | `2` |
+| `admissionController.extraEnvVars` | Additional container environment variables | `[]` |
+| `admissionController.extraEnvVarsCM` | Name of existing ConfigMap containing additional container environment variables | `nil` |
+| `admissionController.extraEnvVarsSecret` | Name of existing Secret containing additional container environment variables | `nil` |
+| `admissionController.extraVolumes` | Optionally specify extra list of additional volumes | `[]` |
+| `admissionController.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` |
+| `admissionController.metrics.service.annotations` | Metrics service annotations | `{}` |
+| `admissionController.metrics.service.type` | Metrics service type | `ClusterIP` |
+| `admissionController.metrics.service.clusterIP` | Metrics static cluster IP address or None for headless service when service type is ClusterIP | `nil` |
+| `admissionController.metrics.service.ipFamilyPolicy` | Metrics service IP family policy | `""` |
+| `admissionController.metrics.service.ipFamilies` | Metrics service IP families | `[]` |
+| `admissionController.metrics.service.ports.metrics` | Metrics service port for Metrics | `8944` |
+| `admissionController.metrics.serviceMonitor.enabled` | Specifies whether a service monitor should be created | `false` |
+| `admissionController.metrics.serviceMonitor.namespace` | Namespace in which to create the service monitor | `""` |
+| `admissionController.metrics.serviceMonitor.annotations` | Service monitor annotations | `{}` |
+| `admissionController.metrics.serviceMonitor.labels` | Additional service monitor labels | `{}` |
+| `admissionController.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `admissionController.metrics.serviceMonitor.honorLabels` | Whether to choose the metric’s labels on collisions with target labels | `false` |
+| `admissionController.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
+| `admissionController.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `admissionController.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `admissionController.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+| `admissionController.tls.caCert` | TLS CA certificate (Generated using the `genCA` function if not set) | `""` |
+| `admissionController.tls.cert` | TLS certificate (Generated using the `genSignedCert` function if not set) | `""` |
+| `admissionController.tls.key` | TLS private key (Generated using the `genSignedCert` function if not set) | `""` |
+| `admissionController.tls.existingSecret` | Name of existing TLS Secret to use | `""` |
+
+### Recommender parameters
+
+| Name | Description | Default |
+| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
+| `recommender.replicaCount` | Number of replicas | `1` |
+| `recommender.image.registry` | Image registry | `registry.k8s.io` |
+| `recommender.image.repository` | Image repository | `autoscaling/vpa-recommender` |
+| `recommender.image.tag` | Image tag | `1.3.0` |
+| `recommender.image.digest` | Image digest | `""` |
+| `recommender.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `recommender.pdb.create` | Specifies whether a pod disruption budget should be created | `false` |
+| `recommender.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
+| `recommender.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` |
+| `recommender.serviceAccount.create` | Specifies whether a service account should be created | `true` |
+| `recommender.serviceAccount.annotations` | Service account annotations | `{}` |
+| `recommender.serviceAccount.name` | The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set) | `nil` |
+| `recommender.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `false` |
+| `recommender.hostAliases` | Pod host aliases | `[]` |
+| `recommender.deploymentAnnotations` | Additional deployment annotations | `{}` |
+| `recommender.podAnnotations` | Additional pod annotations | `{}` |
+| `recommender.podLabels` | Additional pod labels | `{}` |
+| `recommender.podSecurityContext` | Pod security context | |
+| `recommender.podSecurityContext.runAsNonRoot` | Whether the container must run as a non-root user | `true` |
+| `recommender.podSecurityContext.runAsUser` | The UID to run the entrypoint of the container process | `65534` |
+| `recommender.podSecurityContext.runAsGroup` | The GID to run the entrypoint of the container process | `65534` |
+| `recommender.priorityClassName` | Priority class name | `nil` |
+| `recommender.runtimeClassName` | Runtime class name | `""` |
+| `recommender.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `recommender.securityContext` | Container security context | `{}` |
+| `recommender.containerPorts.metrics` | Container port for Metrics | `8942` |
+| `recommender.livenessProbe.enabled` | Enable liveness probe | `true` |
+| `recommender.livenessProbe.initialDelaySeconds` | Delay before the liveness probe is initiated | `0` |
+| `recommender.livenessProbe.periodSeconds` | How often to perform the liveness probe | `10` |
+| `recommender.livenessProbe.timeoutSeconds` | When the liveness probe times out | `1` |
+| `recommender.livenessProbe.failureThreshold` | Minimum consecutive failures for the liveness probe to be considered failed after having succeeded | `3` |
+| `recommender.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
+| `recommender.readinessProbe.enabled` | Enable readiness probe | `true` |
+| `recommender.readinessProbe.initialDelaySeconds` | Delay before the readiness probe is initiated | `0` |
+| `recommender.readinessProbe.periodSeconds` | How often to perform the readiness probe | `10` |
+| `recommender.readinessProbe.timeoutSeconds` | When the readiness probe times out | `1` |
+| `recommender.readinessProbe.failureThreshold` | Minimum consecutive failures for the readiness probe to be considered failed after having succeeded | `3` |
+| `recommender.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
+| `recommender.startupProbe.enabled` | Enable startup probe | `false` |
+| `recommender.startupProbe.initialDelaySeconds` | Delay before the startup probe is initiated | `0` |
+| `recommender.startupProbe.periodSeconds` | How often to perform the startup probe | `10` |
+| `recommender.startupProbe.timeoutSeconds` | When the startup probe times out | `1` |
+| `recommender.startupProbe.failureThreshold` | Minimum consecutive failures for the startup probe to be considered failed after having succeeded | `3` |
+| `recommender.startupProbe.successThreshold` | Minimum consecutive successes for the startup probe to be considered successful after having failed | `1` |
+| `recommender.resources` | CPU/Memory resource requests/limits | `{}` |
+| `recommender.nodeSelector` | Node labels for pod assignment | `{}` |
+| `recommender.tolerations` | Tolerations for pod assignment | `[]` |
+| `recommender.affinity` | Map of node/pod affinities | `{}` |
+| `recommender.extraArgs` | Additional container arguments | |
+| `recommender.extraArgs.v` | Number for the log level verbosity | `2` |
+| `recommender.extraEnvVars` | Additional container environment variables | `[]` |
+| `recommender.extraEnvVarsCM` | Name of existing ConfigMap containing additional container environment variables | `nil` |
+| `recommender.extraEnvVarsSecret` | Name of existing Secret containing additional container environment variables | `nil` |
+| `recommender.extraVolumes` | Optionally specify extra list of additional volumes | `[]` |
+| `recommender.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` |
+| `recommender.metrics.service.annotations` | Metrics service annotations | `{}` |
+| `recommender.metrics.service.type` | Metrics service type | `ClusterIP` |
+| `recommender.metrics.service.clusterIP` | Metrics static cluster IP address or None for headless service when service type is ClusterIP | `nil` |
+| `recommender.metrics.service.ipFamilyPolicy` | Metrics service IP family policy | `""` |
+| `recommender.metrics.service.ipFamilies` | Metrics service IP families | `[]` |
+| `recommender.metrics.service.ports.metrics` | Metrics service port for Metrics | `8942` |
+| `recommender.metrics.serviceMonitor.enabled` | Specifies whether a service monitor should be created | `false` |
+| `recommender.metrics.serviceMonitor.namespace` | Namespace in which to create the service monitor | `""` |
+| `recommender.metrics.serviceMonitor.annotations` | Service monitor annotations | `{}` |
+| `recommender.metrics.serviceMonitor.labels` | Additional service monitor labels | `{}` |
+| `recommender.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `recommender.metrics.serviceMonitor.honorLabels` | Whether to choose the metric’s labels on collisions with target labels | `false` |
+| `recommender.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
+| `recommender.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `recommender.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `recommender.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+
+### Updater parameters
+
+| Name | Description | Default |
+| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `updater.enabled` | Enable the component | `true` |
+| `updater.replicaCount` | Number of replicas | `1` |
+| `updater.image.registry` | Image registry | `registry.k8s.io` |
+| `updater.image.repository` | Image repository | `autoscaling/vpa-updater` |
+| `updater.image.tag` | Image tag | `1.3.0` |
+| `updater.image.digest` | Image digest | `""` |
+| `updater.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `updater.pdb.create` | Specifies whether a pod disruption budget should be created | `false` |
+| `updater.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
+| `updater.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` |
+| `updater.serviceAccount.create` | Specifies whether a service account should be created | `true` |
+| `updater.serviceAccount.annotations` | Service account annotations | `{}` |
+| `updater.serviceAccount.name` | The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set) | `nil` |
+| `updater.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `false` |
+| `updater.hostAliases` | Pod host aliases | `[]` |
+| `updater.deploymentAnnotations` | Additional deployment annotations | `{}` |
+| `updater.podAnnotations` | Additional pod annotations | `{}` |
+| `updater.podLabels` | Additional pod labels | `{}` |
+| `updater.podSecurityContext` | Pod security context | |
+| `updater.podSecurityContext.runAsNonRoot` | Whether the container must run as a non-root user | `true` |
+| `updater.podSecurityContext.runAsUser` | The UID to run the entrypoint of the container process | `65534` |
+| `updater.podSecurityContext.runAsGroup` | The GID to run the entrypoint of the container process | `65534` |
+| `updater.priorityClassName` | Priority class name | `nil` |
+| `updater.runtimeClassName` | Runtime class name | `""` |
+| `updater.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `updater.securityContext` | Container security context | `{}` |
+| `updater.containerPorts.metrics` | Container port for Metrics | `8943` |
+| `updater.livenessProbe.enabled` | Enable liveness probe | `true` |
+| `updater.livenessProbe.initialDelaySeconds` | Delay before the liveness probe is initiated | `0` |
+| `updater.livenessProbe.periodSeconds` | How often to perform the liveness probe | `10` |
+| `updater.livenessProbe.timeoutSeconds` | When the liveness probe times out | `1` |
+| `updater.livenessProbe.failureThreshold` | Minimum consecutive failures for the liveness probe to be considered failed after having succeeded | `3` |
+| `updater.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` |
+| `updater.readinessProbe.enabled` | Enable readiness probe | `true` |
+| `updater.readinessProbe.initialDelaySeconds` | Delay before the readiness probe is initiated | `0` |
+| `updater.readinessProbe.periodSeconds` | How often to perform the readiness probe | `10` |
+| `updater.readinessProbe.timeoutSeconds` | When the readiness probe times out | `1` |
+| `updater.readinessProbe.failureThreshold` | Minimum consecutive failures for the readiness probe to be considered failed after having succeeded | `3` |
+| `updater.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` |
+| `updater.startupProbe.enabled` | Enable startup probe | `false` |
+| `updater.startupProbe.initialDelaySeconds` | Delay before the startup probe is initiated | `0` |
+| `updater.startupProbe.periodSeconds` | How often to perform the startup probe | `10` |
+| `updater.startupProbe.timeoutSeconds` | When the startup probe times out | `1` |
+| `updater.startupProbe.failureThreshold` | Minimum consecutive failures for the startup probe to be considered failed after having succeeded | `3` |
+| `updater.startupProbe.successThreshold` | Minimum consecutive successes for the startup probe to be considered successful after having failed | `1` |
+| `updater.resources` | CPU/Memory resource requests/limits | `{}` |
+| `updater.nodeSelector` | Node labels for pod assignment | `{}` |
+| `updater.tolerations` | Tolerations for pod assignment | `[]` |
+| `updater.affinity` | Map of node/pod affinities | `{}` |
+| `updater.extraArgs` | Additional container arguments | |
+| `updater.extraArgs.v` | Number for the log level verbosity | `2` |
+| `updater.extraEnvVars` | Additional container environment variables | `[]` |
+| `updater.extraEnvVarsCM` | Name of existing ConfigMap containing additional container environment variables | `nil` |
+| `updater.extraEnvVarsSecret` | Name of existing Secret containing additional container environment variables | `nil` |
+| `updater.extraVolumes` | Optionally specify extra list of additional volumes | `[]` |
+| `updater.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` |
+| `updater.metrics.service.annotations` | Metrics service annotations | `{}` |
+| `updater.metrics.service.type` | Metrics service type | `ClusterIP` |
+| `updater.metrics.service.clusterIP` | Metrics static cluster IP address or None for headless service when service type is ClusterIP | `nil` |
+| `updater.metrics.service.ipFamilyPolicy` | Metrics service IP family policy | `""` |
+| `updater.metrics.service.ipFamilies` | Metrics service IP families | `[]` |
+| `updater.metrics.service.ports.metrics` | Metrics service port for Metrics | `8943` |
+| `updater.metrics.serviceMonitor.enabled` | Specifies whether a service monitor should be created | `false` |
+| `updater.metrics.serviceMonitor.namespace` | Namespace in which to create the service monitor | `""` |
+| `updater.metrics.serviceMonitor.annotations` | Service monitor annotations | `{}` |
+| `updater.metrics.serviceMonitor.labels` | Additional service monitor labels | `{}` |
+| `updater.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `updater.metrics.serviceMonitor.honorLabels` | Whether to choose the metric’s labels on collisions with target labels | `false` |
+| `updater.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
+| `updater.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `updater.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `updater.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+
+### CRDs parameters
+
+| Name | Description | Default |
+| -------------------------------------- | ------------------------------------------------------ | ----------------- |
+| `crds.enabled` | Enable CRDs | `true` |
+| `crds.image.registry` | Image registry | `docker.io` |
+| `crds.image.repository` | Image repository | `bitnami/kubectl` |
+| `crds.image.tag` | Image tag | `1.29.3` |
+| `crds.image.digest` | Image digest | `""` |
+| `crds.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `crds.podAnnotations` | Additional pod annotations | `{}` |
+| `crds.podLabels` | Additional pod labels | `{}` |
+| `crds.podSecurityContext` | Pod security context | |
+| `crds.podSecurityContext.runAsNonRoot` | Whether the container must run as a non-root user | `true` |
+| `crds.podSecurityContext.runAsUser` | The UID to run the entrypoint of the container process | `1001` |
+| `crds.podSecurityContext.runAsGroup` | The GID to run the entrypoint of the container process | `1001` |
+| `crds.securityContext` | Container security context | `{}` |
+| `crds.resources` | CPU/Memory resource requests/limits | `{}` |
+| `crds.nodeSelector` | Node labels for pod assignment | `{}` |
+| `crds.tolerations` | Tolerations for pod assignment | `[]` |
+| `crds.affinity` | Map of node/pod affinities | `{}` |
+
+### Tests parameters
+
+| Name | Description | Default |
+| ------------------------ | ----------------- | -------------------- |
+| `tests.image.registry` | Image registry | `ghcr.io` |
+| `tests.image.repository` | Image repository | `cowboysysop/pytest` |
+| `tests.image.tag` | Image tag | `1.0.41` |
+| `tests.image.digest` | Image digest | `""` |
+| `tests.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+
+## Setting parameters
+
+Specify the parameters you which to customize using the `--set` argument to the `helm install` command. For instance,
+
+```bash
+$ helm install my-release \
+ --set nameOverride=my-name cowboysysop/vertical-pod-autoscaler
+```
+
+The above command sets the `nameOverride` to `my-name`.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release \
+ --values values.yaml cowboysysop/vertical-pod-autoscaler
+```
+
+**TIP**: You can use the default [values.yaml](values.yaml).
+
+## Limitations
+
+Due to hard-coded values in Vertical Pod Autoscaler, the chart configuration has some limitations:
+
+- Admission controller component service name is `vpa-webhook`
+- Admission controller component service port is `443`
+- Mutating webhook configuration name automatically created by admission controller component is `vpa-webhook-config`
+
+## License
+
+The source code of this chart is under [MIT License](LICENSE).
+
+It also uses source code under Apache 2.0 License from the [Bitnami repository](https://github.com/bitnami/charts).
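Review bot: every image row in the Recommender, Updater, CRDs and Tests tables leaves `*.image.digest` at `""`, so `registry.k8s.io/autoscaling/vpa-recommender:1.3.0`, `registry.k8s.io/autoscaling/vpa-updater:1.3.0`, `docker.io/bitnami/kubectl:1.29.3` and `ghcr.io/cowboysysop/pytest:1.0.41` are resolved by tag alone at pull time. Since this chart is being vendored as a system package, consider setting the digests in the package's values override. The same tables show `recommender.securityContext`, `updater.securityContext` and `crds.securityContext` defaulting to `{}`, with only the pod-level `runAsNonRoot`, `runAsUser` and `runAsGroup` set, so container-level hardening (`allowPrivilegeEscalation: false`, dropped capabilities, read-only root filesystem) would also have to come from the override. For `admissionController.tls.caCert`, `cert` and `key`, the README says they are generated with `genCA` and `genSignedCert` when unset; please confirm what happens to the generated webhook certificate on `helm upgrade`, or set `admissionController.tls.existingSecret`. Minor: "the parameters you which to customize" under "Setting parameters" should read "wish" (an upstream typo, so better reported there than patched in the vendored copy).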
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/.helmignore b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/.helmignore
new file mode 100644
index 00000000..d0e10845
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# img folder
+img/
+# Changelog
+CHANGELOG.md
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/Chart.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/Chart.yaml
new file mode 100644
index 00000000..8af61a71
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 2.21.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://bitnami.com
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/common
+type: library
+version: 2.21.0
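Review bot: this checks in a copy of the Bitnami `common` library at `version: 2.21.0`, and the only provenance in the file is `sources:` pointing at `bitnami/charts/tree/main`, which is a moving branch. Nothing in this hunk lets a later reader tell which upstream archive or commit the copy came from. Recording the parent chart version and the digest of the archive it was unpacked from (in the package Makefile or a lock file) would make the vendored tree verifiable and let future bumps be reviewed against a known baseline.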
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/README.md b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/README.md
new file mode 100644
index 00000000..fee26c99
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/README.md
@@ -0,0 +1,235 @@
+# Bitnami Common Library Chart
+
+A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
+
+## TL;DR
+
+```yaml
+dependencies:
+ - name: common
+ version: 2.x.x
+ repository: oci://registry-1.docker.io/bitnamicharts
+```
+
+```console
+helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+data:
+ myvalue: "Hello World"
+```
+
+Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
+
+## Introduction
+
+This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Parameters
+
+## Special input schemas
+
+### ImageRoot
+
+```yaml
+registry:
+ type: string
+ description: Docker registry where the image is located
+ example: docker.io
+
+repository:
+ type: string
+ description: Repository and image name
+ example: bitnami/nginx
+
+tag:
+ type: string
+ description: image tag
+ example: 1.16.1-debian-10-r63
+
+pullPolicy:
+ type: string
+ description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+
+pullSecrets:
+ type: array
+ items:
+ type: string
+ description: Optionally specify an array of imagePullSecrets (evaluated as templates).
+
+debug:
+ type: boolean
+ description: Set to true if you would like to see extra information on logs
+ example: false
+
+## An instance would be:
+# registry: docker.io
+# repository: bitnami/nginx
+# tag: 1.16.1-debian-10-r63
+# pullPolicy: IfNotPresent
+# debug: false
+```
+
+### Persistence
+
+```yaml
+enabled:
+ type: boolean
+ description: Whether enable persistence.
+ example: true
+
+storageClass:
+ type: string
+ description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
+ example: "-"
+
+accessMode:
+ type: string
+ description: Access mode for the Persistent Volume Storage.
+ example: ReadWriteOnce
+
+size:
+ type: string
+ description: Size the Persistent Volume Storage.
+ example: 8Gi
+
+path:
+ type: string
+ description: Path to be persisted.
+ example: /bitnami
+
+## An instance would be:
+# enabled: true
+# storageClass: "-"
+# accessMode: ReadWriteOnce
+# size: 8Gi
+# path: /bitnami
+```
+
+### ExistingSecret
+
+```yaml
+name:
+ type: string
+ description: Name of the existing secret.
+ example: mySecret
+keyMapping:
+ description: Mapping between the expected key name and the name of the key in the existing secret.
+ type: object
+
+## An instance would be:
+# name: mySecret
+# keyMapping:
+# password: myPasswordKey
+```
+
+#### Example of use
+
+When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
+
+```yaml
+# templates/secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ app: {{ include "common.names.fullname" . }}
+type: Opaque
+data:
+ password: {{ .Values.password | b64enc | quote }}
+
+# templates/dpl.yaml
+---
+...
+ env:
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
+...
+
+# values.yaml
+---
+name: mySecret
+keyMapping:
+ password: myPasswordKey
+```
+
+### ValidateValue
+
+#### NOTES.txt
+
+```console
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
+
+{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+```
+
+If we force those values to be empty we will see some alerts
+
+```console
+helm install test mychart --set path.to.value00="",path.to.value01=""
+ 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
+
+ export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
+
+ 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
+
+ export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
+```
+
+## Upgrading
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+#### Useful links
+
+-
+-
+-
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
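Review bot: the "Example of use" block under "ExistingSecret" is internally inconsistent: `templates/dpl.yaml` reads `.Values.existingSecret`, but the `values.yaml` fragment puts `name: mySecret` and `keyMapping:` at the top level, so copied as written the lookup receives nothing. The `templates/secret.yaml` part also renders `password: {{ .Values.password | b64enc | quote }}` with no guard, so a chart following the example still creates its own Secret when an existing one is supplied. Separately, the sample output under "ValidateValue" tells users to pass the password with `--set path.to.value00=$PASSWORD_00`, which puts the secret on the command line; a values file or an existing Secret is the safer instruction. These are upstream docs, so I would not patch the vendored copy, but anyone using this README as a template inside the repo should be aware of it. The "## Parameters" heading has no body before "## Special input schemas".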
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_affinities.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_affinities.tpl
new file mode 100644
index 00000000..c2d29079
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_affinities.tpl
@@ -0,0 +1,139 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a topologyKey definition
+{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
+*/}}
+{{- define "common.affinities.topologyKey" -}}
+{{ .topologyKey | default "kubernetes.io/hostname" -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: 1
+ {{- range $extraPodAffinityTerms }}
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: {{ .weight | default 1 -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- range $extraPodAffinityTerms }}
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
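Review bot: `common.affinities.pods` renders nothing when `.type` is set to a non-empty value other than "soft" or "hard", so a typo in the preset silently drops the pod (anti-)affinity block instead of failing the render. Consider a final `{{- else if .type -}}` branch that calls `fail` with the offending value. The usage comment above it also passes `"key" "FOO" "values" (list "BAR" "BAZ")`, which are not parameters that `common.affinities.pods.hard` reads (it takes `component`, `customLabels`, `extraMatchLabels`, `topologyKey`, `extraPodAffinityTerms` and `context`), so the example should be updated to match.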
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_capabilities.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_capabilities.tpl
new file mode 100644
index 00000000..2fe81d32
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_capabilities.tpl
@@ -0,0 +1,229 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for daemonset.
+*/}}
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if (.Values.ingress).apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Vertical Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.vpa.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if PodSecurityPolicy is supported
+*/}}
+{{- define "common.capabilities.psp.supported" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if AdmissionConfiguration is supported
+*/}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for AdmissionConfiguration.
+*/}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- print "apiserver.config.k8s.io/v1alpha1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
+{{- print "apiserver.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiserver.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityConfiguration.
+*/}}
+{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
+{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "pod-security.admission.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
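Review bot: `common.capabilities.vpa.apiVersion` is a copy of the HPA helper directly above it and returns `autoscaling/v2beta1`, `autoscaling/v2beta2` or `autoscaling/v2`, which are HorizontalPodAutoscaler versions; VerticalPodAutoscaler objects live in the `autoscaling.k8s.io` group, so a manifest rendered through this helper will not match the VPA CRD. Either return the `autoscaling.k8s.io` version here or drop the helper from the vendored copy if nothing in this chart calls it. A smaller point on `common.capabilities.psp.supported`: it returns true when the version is empty, while every `*.apiVersion` helper in this file falls through to the newest API in that case, so an undetectable version is treated as "old" for PSP and "new" everywhere else; a comment explaining the choice would help.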
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_compatibility.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_compatibility.tpl
new file mode 100644
index 00000000..eb4061d7
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_compatibility.tpl
@@ -0,0 +1,42 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return true if the detected platform is Openshift
+Usage:
+{{- include "common.compatibility.isOpenshift" . -}}
+*/}}
+{{- define "common.compatibility.isOpenshift" -}}
+{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
+Usage:
+{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
+*/}}
+{{- define "common.compatibility.renderSecurityContext" -}}
+{{- $adaptedContext := .secContext -}}
+
+{{- if (((.context.Values.global).compatibility).openshift) -}}
+ {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
+ {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
+ {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
+ {{- if not .secContext.seLinuxOptions -}}
+ {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
+ {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{/* Remove fields that are disregarded when running the container in privileged mode */}}
+{{- if $adaptedContext.privileged -}}
+ {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}}
+{{- end -}}
+{{- omit $adaptedContext "enabled" | toYaml -}}
+{{- end -}}
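Review bot: in `common.compatibility.renderSecurityContext`, the "force" value of `adaptSecurityContext` takes the `omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup"` path without the `common.compatibility.isOpenshift` check, so on a non-OpenShift cluster it strips the pinned UID/GID and no SCC puts one back; the container then runs as whatever user the image defines. The doc comment should say that "force" is only safe where the platform assigns the user, and callers should keep `runAsNonRoot: true` in the context so that a root image is rejected rather than started. The helper also dereferences `.secContext.seLinuxOptions` and `$adaptedContext.privileged` without checking that `.secContext` is set, which is worth a guard or a note that callers must pass a map.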
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_errors.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_errors.tpl
new file mode 100644
index 00000000..e9653651
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_errors.tpl
@@ -0,0 +1,28 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
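Review bot: the parameter documentation for `common.errors.upgrade.passwords.empty` describes `validationErrors` as "String - Required" but the usage example passes a `list` and the body runs `join "" .validationErrors` on it; document it as a list. The same comment block has typos that make it harder to read ("Through error" for "Throw error", "to be return"). Because the entries are joined with an empty separator, the output is only legible if every validation string carries its own leading newline, which is worth stating in the comment.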
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_images.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_images.tpl
new file mode 100644
index 00000000..6821b1ce
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_images.tpl
@@ -0,0 +1,109 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- range ((.global).imagePullSecrets) -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end }}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) -}}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- range (($context.Values.global).imagePullSecrets) -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) -}}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+
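Review bot: `common.images.image` never checks that either `.imageRoot.tag` or `.imageRoot.digest` is set, so an image entry with neither is still formatted as `repository:<suffix>` from `.imageRoot.tag | toString` instead of failing the render. A `fail` (or `required`) when both are empty would surface the mistake at template time, and the comment could state that a digest, when present, replaces the tag entirely. The usage comments for `common.images.pullSecrets` and `common.images.renderPullSecrets` separate the `list` arguments with a comma (`(list .Values.path.to.the.image1, .Values.path.to.the.image2)`), which is not valid template syntax and will not work if copied; "ingores" in the `common.images.version` comment is a typo.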
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_ingress.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_ingress.tpl
new file mode 100644
index 00000000..7d2b8798
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_ingress.tpl
@@ -0,0 +1,73 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
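Review bot: `common.ingress.supportsPathType` and `common.ingress.supportsIngressClassname` pass the result of `common.capabilities.kubeVersion` straight to `semverCompare "<1.18-0"`, without the `not (empty $kubeVersion)` guard that every helper in `_capabilities.tpl` uses, so the two files behave differently when the version is empty. Apply the same guard here. In `common.ingress.backend`, the `port:` key is emitted before the type checks, so a `servicePort` that is neither a string, `int` nor `float64` (for example an `int64` produced by template arithmetic) renders `port:` with no child; add an `else` branch that fails with the unexpected type.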
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_labels.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_labels.tpl
new file mode 100644
index 00000000..0a0cc548
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_labels.tpl
@@ -0,0 +1,46 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Kubernetes standard labels
+{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
+*/}}
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
+{{- with .context.Chart.AppVersion -}}
+{{- $_ := set $default "app.kubernetes.io/version" . -}}
+{{- end -}}
+{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
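Review bot: in `common.labels.matchLabels`, the rendered `customLabels` are parsed with `fromYaml` and then filtered with `pick`, and `fromYaml` reports a parse failure by returning a map with an `Error` key rather than aborting, so a `customLabels` template that renders to invalid YAML is dropped silently and the selector falls back to the defaults. Consider checking for that key and calling `fail`. The comment explains why the two standard labels may be overridden, but it should also say that changing them between releases alters `spec.selector`, which is immutable on Deployments and StatefulSets, so the upgrade will be rejected.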
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_names.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_names.tpl
new file mode 100644
index 00000000..ba839568
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_names.tpl
@@ -0,0 +1,71 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
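Review bot: `common.names.fullname.namespace` truncates after concatenating, `printf "%s-%s" (fullname) (namespace) | trunc 63`, so with a long fullname the namespace suffix is partly or wholly cut off and two installs in different namespaces can render the same name, which matters for the cluster-scoped objects this helper is meant to disambiguate. Truncate the fullname part first so the namespace always survives, or append a short hash of the untruncated string. The usage comment for `common.names.dependency.fullname` shows `.Values.dependency-chart`, which does not parse because of the hyphen; it should read `(index .Values "dependency-chart")`.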
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_resources.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_resources.tpl
new file mode 100644
index 00000000..d8a43e1c
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "common.resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "common.resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
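Review bot: the error branch of `common.resources.preset` builds its message with `join "," (keys $presets)`, and `keys` returns map keys in no fixed order, so the "Allowed values" list changes between runs; pipe it through `sortAlpha` to keep the message stable for logs and tests. The inline comment says limits are the requests increased by 50% except for ephemeral-storage and xlarge/2xlarge; since the header already states these presets are not meant for production, it would help to say that the 2Gi ephemeral-storage limit is a fixed ceiling rather than a scaled value.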
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_secrets.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_secrets.tpl
new file mode 100644
index 00000000..801918ce
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_secrets.tpl
@@ -0,0 +1,185 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+ - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
+ - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
+ - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | b64dec }}
+ {{- else if not (eq .failOnNew false) }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- end }}
+
+{{- if not $password }}
+ {{- if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString }}
+ {{- else }}
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- if not (eq .failOnNew false) }}
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+ {{- end }}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
+{{- if not .skipB64enc }}
+{{- $password = $password | b64enc }}
+{{- end -}}
+{{- if .skipQuote -}}
+{{- printf "%s" $password -}}
+{{- else -}}
+{{- printf "%s" $password | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+ {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
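Review bot: In `common.secrets.passwords.manage`, the `strong` branch gives less variety than the parameter name suggests. The prefix built with `join "_"` always contributes exactly two underscores, and `regexReplaceAllLiteral "\\W" $password "@"` maps every other symbol to `@`; with `default 10 .length`, only five of the ten characters come from the `randAscii` output, three are one-per-class picks and two are fixed. Callers in this repository that rely on generated credentials should pass an explicit, larger `length` instead of inheriting the default. Two documentation points in the same hunk: the `skipB64enc` description says the secret will not be "base64 encrypted" (it is an encoding, and the sentence has a stray "no"), and the `defaultValue` param of `common.secrets.lookup` is described as a path into values.yaml although the template uses it as the literal value (`.defaultValue | toString | b64enc`).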
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_storage.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_storage.tpl
new file mode 100644
index 00000000..aa75856c
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_storage.tpl
@@ -0,0 +1,21 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}}
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else -}}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
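Review bot: The usage comment for `common.storage.class` passes `"global" $`, but the template reads `(.global).storageClass` and `(.global).defaultStorageClass` directly off that argument, so a caller who copies the comment and passes the root context leaves both global lookups empty and only `.persistence.storageClass` takes effect. The comment should show the globals map (for example `.Values.global`) as the argument, and state the resulting precedence: global `storageClass`, then `persistence.storageClass`, then `defaultStorageClass`. Minor: `printf "storageClassName: %s" $storageClass` emits the value unquoted, while the `"-"` branch quotes the empty string.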
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_tplvalues.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 00000000..c84d72c8
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,38 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
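Review bot: `common.tplvalues.render` hands any value containing `{{` to `tpl` with the whole chart context (`tpl $value .context`), so whoever controls that value controls template execution at render time with access to everything in `.context`. For a platform that renders charts on behalf of tenants, it is worth documenting which values paths of this chart are routed through this helper and keeping them out of tenant-editable input. Minor: the scoped branch assembles its template with `cat`, which joins its arguments with spaces.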
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_utils.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_utils.tpl
new file mode 100644
index 00000000..d53c74aa
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_utils.tpl
@@ -0,0 +1,77 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
+Usage:
+{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
+*/}}
+{{- define "common.utils.checksumTemplate" -}}
+{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
+{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
+{{- end -}}
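Review bot: `common.utils.secret.getvalue` inserts `.field` unescaped into the jsonpath (`{.data.{{ .field }}}`), and `common.utils.fieldToEnvVar` only splits on `-`, so a secret key containing a dot produces a jsonpath that addresses a nested field and a variable name the shell rejects. Escaping dots for the jsonpath and mapping them to `_` for the variable name would cover such keys. The usage comment for `common.utils.fieldToEnvVar` also needs parentheses around the `dict ...` call to be valid as written.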
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_warnings.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_warnings.tpl
new file mode 100644
index 00000000..e4dbecde
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/_warnings.tpl
@@ -0,0 +1,109 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html
+{{- end }}
+{{- end -}}
+
+{{/*
+Warning about replaced images from the original.
+Usage:
+{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }}
+*/}}
+{{- define "common.warnings.modifiedImages" -}}
+{{- $affectedImages := list -}}
+{{- $printMessage := false -}}
+{{- $originalImages := .context.Chart.Annotations.images -}}
+{{- range .images -}}
+ {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}}
+ {{- if not (contains $fullImageName $originalImages) }}
+ {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+{{- end -}}
+{{- if $printMessage }}
+
+⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.
+
+Substituted images detected:
+{{- range $affectedImages }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Warning about not setting the resource object in all deployments.
+Usage:
+{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
+Example:
+{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
+The list in the example assumes that the following values exist:
+ - csiProvider.provider.resources
+ - server.resources
+ - volumePermissions.resources
+ - resources
+*/}}
+{{- define "common.warnings.resources" -}}
+{{- $values := .context.Values -}}
+{{- $printMessage := false -}}
+{{ $affectedSections := list -}}
+{{- range .sections -}}
+ {{- if eq . "" -}}
+ {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
+ {{- if not (index $values "resources") -}}
+ {{- $affectedSections = append $affectedSections "resources" -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
+ {{- $keys := split "." . -}}
+ {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
+ {{- $section := $values -}}
+ {{- range $keys -}}
+ {{- $section = index $section . -}}
+ {{- end -}}
+ {{- if not (index $section "resources") -}}
+ {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
+ {{- if and (hasKey $section "enabled") -}}
+ {{- if index $section "enabled" -}}
+ {{/* enabled=true */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else if and (hasKey $section "replicaCount") -}}
+ {{/* We need a casting to int because number 0 is not treated as an int by default */}}
+ {{- if (gt (index $section "replicaCount" | int) 0) -}}
+ {{/* replicaCount > 0 */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Default case, add it to the affected sections */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- if $printMessage }}
+
+WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
+{{- range $affectedSections }}
+ - {{ . }}
+{{- end }}
++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+{{- end -}}
+{{- end -}}
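Review bot: In `common.warnings.modifiedImages`, the check `contains $fullImageName $originalImages` is a substring match against the annotation string, so an image whose reference is a prefix of an original one (for example a shorter tag) is not reported as substituted. Comparing for exact equality against the individual entries of the annotation would make the warning reliable. The line above it also wraps the name in a second `printf`, which treats the image reference as a format string; the inner `printf "%s/%s:%s" ...` alone is enough. In the `common.warnings.resources` usage comment, `context $` is missing the quotes around the key.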
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_cassandra.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 00000000..3f41ff8f
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_cassandra.tpl
@@ -0,0 +1,77 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
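Review bot: `common.cassandra.values.existingSecret` dereferences `.context.Values.cassandra.dbUser.existingSecret` (and `.context.Values.dbUser.existingSecret`) without a guard, so rendering fails with a nil-pointer error whenever the intermediate `cassandra` or `dbUser` map is absent from values. The parenthesised form already used in `_storage.tpl` in this patch (`(.global).storageClass`) would make the helper return an empty value instead, which the caller's `(not $existingSecret)` test then handles. The usage comment also omits the `subchart` key that the Params section documents.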
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mariadb.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 00000000..6ea8c0f4
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
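Review bot: Documentation in this file does not match the helpers. The `secret` param example in the MariaDB header reads "mysql-passwords-secret", the usage lines for `common.mariadb.values.auth.existingSecret` and `common.mariadb.values.enabled` pass only `"context"` although both templates branch on `.subchart`, and `common.mariadb.values.enabled` has no Params section at all. Since a missing `subchart` key silently selects the non-subchart branch, the usage lines should show it.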
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mongodb.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 00000000..d4cd38cb
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,113 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
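Review bot: In `common.validations.values.mongodb.passwords`, every check sits behind `(eq $authEnabled "true")`, so a release with `auth.enabled` set to false passes validation with no passwords and nothing in this file reports it. If unauthenticated MongoDB is not an intended configuration here, the consuming chart should add an explicit check or warning for that case instead of relying on this helper. The custom user's password is also only required when both `username` and `database` are set (`and $valueUsername $valueDatabase`), which differs from the MariaDB and MySQL validators in this patch and deserves a comment. Minor: the Params text spells the product "MongoDb" once.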
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mysql.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mysql.tpl
new file mode 100644
index 00000000..924812a9
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_mysql.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
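Review bot: `common.mysql.values.enabled` reads `.subchart`, but its comment block has no Params section and its Usage line passes only `context`, unlike the three neighbouring helpers. The non-subchart branch returns `printf "%v" (not .context.Values.enabled)`, so it yields "true" only when `enabled` is absent or false in the chart's own values, and that inversion is not explained anywhere in the comment. Please document the `subchart` param and state the intended meaning of the `not`, so callers of the password validation know when it is skipped. The Usage line of `common.mysql.values.auth.existingSecret` also omits `subchart` even though Params lists it.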
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_postgresql.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 00000000..0fa0b146
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,134 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
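Review bot: in `common.postgresql.values.key.postgressPassword` the global lookup uses the key "postgresqlUsername", yet the branch it selects is `global.postgresql.postgresqlPassword`. With a global username set and no global password, the validation is pointed at the global password path and will report it empty even when the chart-level `postgresqlPassword` is set. Looking up "postgresqlPassword" here would match what the helper returns. Separately, `$valueKeyPostgresqlReplicationEnabled` in `common.validations.values.postgresql.passwords` holds the result of `common.postgresql.values.key.replicationPassword`, a password key rather than an enabled flag; a name like `$valueKeyPostgresqlReplicationPassword` would avoid misreading. The Usage lines for `common.postgresql.values.existingSecret` and `common.postgresql.values.enabled` omit the `subchart` argument that both templates branch on.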
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_redis.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 00000000..f4778256
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,81 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
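Review bot: the guard in `common.validations.values.redis.passwords` tests `$existingSecret`, which is the key path built by `ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") ...` and is therefore never empty and never equal to `"\"\""`. The condition `(or (not $existingSecret) (eq $existingSecret "\"\""))` is always false, so the Redis password check never runs, and `$existingSecretValue`, computed on the line above, is never used. The guard should test `$existingSecretValue` instead. Also, the Usage comment for the prefix helper names `common.redis.values.key.prefix`, while the template is defined and called as `common.redis.values.keys.prefix`.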
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_validations.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 00000000..7cdee617
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,51 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
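Review bot: `common.validations.values.multiple.empty` builds the dict for `common.validations.values.single.empty` from `valueKey`, `secret`, `field` and `context` only, so `.subchart` is always empty in the single-value template and the `$subchart` prefix never appears in the suggested `--set` flag for values validated through the list form. Either pass `"subchart" .subchart` through in the `range`, or document that the prefix is only available when calling the single form directly. The Usage comments also name templates that are not defined in this file, `common.validations.values.empty` and `common.validations.value.empty`; they should read `common.validations.values.multiple.empty` and `common.validations.values.single.empty`.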
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/values.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/values.yaml
new file mode 100644
index 00000000..de2cac57
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/charts/common/values.yaml
@@ -0,0 +1,8 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/ci/default-values.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/ci/default-values.yaml
new file mode 100644
index 00000000..72937b9e
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/ci/default-values.yaml
@@ -0,0 +1 @@
+fullnameOverride: vertical-pod-autoscaler
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalercheckpoints.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalercheckpoints.yaml
new file mode 100644
index 00000000..89db4b15
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalercheckpoints.yaml
@@ -0,0 +1,228 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: verticalpodautoscalercheckpoints.autoscaling.k8s.io
+ labels:
+ {{- include "vertical-pod-autoscaler.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797
+ controller-gen.kubebuilder.io/version: v0.16.5
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ group: autoscaling.k8s.io
+ names:
+ kind: VerticalPodAutoscalerCheckpoint
+ listKind: VerticalPodAutoscalerCheckpointList
+ plural: verticalpodautoscalercheckpoints
+ shortNames:
+ - vpacheckpoint
+ singular: verticalpodautoscalercheckpoint
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ VerticalPodAutoscalerCheckpoint is the checkpoint of the internal state of VPA that
+ is used for recovery after recommender's restart.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Specification of the checkpoint.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+ properties:
+ containerName:
+ description: Name of the checkpointed container.
+ type: string
+ vpaObjectName:
+ description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint
+ object.
+ type: string
+ type: object
+ status:
+ description: Data of the checkpoint.
+ properties:
+ cpuHistogram:
+ description: Checkpoint of histogram for consumption of CPU.
+ properties:
+ bucketWeights:
+ description: Map from bucket index to bucket weight.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ referenceTimestamp:
+ description: Reference timestamp for samples collected within
+ this histogram.
+ format: date-time
+ nullable: true
+ type: string
+ totalWeight:
+ description: Sum of samples to be used as denominator for weights
+ from BucketWeights.
+ type: number
+ type: object
+ firstSampleStart:
+ description: Timestamp of the fist sample from the histograms.
+ format: date-time
+ nullable: true
+ type: string
+ lastSampleStart:
+ description: Timestamp of the last sample from the histograms.
+ format: date-time
+ nullable: true
+ type: string
+ lastUpdateTime:
+ description: The time when the status was last refreshed.
+ format: date-time
+ nullable: true
+ type: string
+ memoryHistogram:
+ description: Checkpoint of histogram for consumption of memory.
+ properties:
+ bucketWeights:
+ description: Map from bucket index to bucket weight.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ referenceTimestamp:
+ description: Reference timestamp for samples collected within
+ this histogram.
+ format: date-time
+ nullable: true
+ type: string
+ totalWeight:
+ description: Sum of samples to be used as denominator for weights
+ from BucketWeights.
+ type: number
+ type: object
+ totalSamplesCount:
+ description: Total number of samples in the histograms.
+ type: integer
+ version:
+ description: Version of the format of the stored data.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ - name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: |-
+ VerticalPodAutoscalerCheckpoint is the checkpoint of the internal state of VPA that
+ is used for recovery after recommender's restart.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Specification of the checkpoint.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+ properties:
+ containerName:
+ description: Name of the checkpointed container.
+ type: string
+ vpaObjectName:
+ description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint
+ object.
+ type: string
+ type: object
+ status:
+ description: Data of the checkpoint.
+ properties:
+ cpuHistogram:
+ description: Checkpoint of histogram for consumption of CPU.
+ properties:
+ bucketWeights:
+ description: Map from bucket index to bucket weight.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ referenceTimestamp:
+ description: Reference timestamp for samples collected within
+ this histogram.
+ format: date-time
+ nullable: true
+ type: string
+ totalWeight:
+ description: Sum of samples to be used as denominator for weights
+ from BucketWeights.
+ type: number
+ type: object
+ firstSampleStart:
+ description: Timestamp of the fist sample from the histograms.
+ format: date-time
+ nullable: true
+ type: string
+ lastSampleStart:
+ description: Timestamp of the last sample from the histograms.
+ format: date-time
+ nullable: true
+ type: string
+ lastUpdateTime:
+ description: The time when the status was last refreshed.
+ format: date-time
+ nullable: true
+ type: string
+ memoryHistogram:
+ description: Checkpoint of histogram for consumption of memory.
+ properties:
+ bucketWeights:
+ description: Map from bucket index to bucket weight.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ referenceTimestamp:
+ description: Reference timestamp for samples collected within
+ this histogram.
+ format: date-time
+ nullable: true
+ type: string
+ totalWeight:
+ description: Sum of samples to be used as denominator for weights
+ from BucketWeights.
+ type: number
+ type: object
+ totalSamplesCount:
+ description: Total number of samples in the histograms.
+ type: integer
+ version:
+ description: Version of the format of the stored data.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
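Review bot: `bucketWeights` under both `cpuHistogram` and `memoryHistogram`, in v1 and v1beta2, is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `additionalProperties`, so the API server neither prunes nor type-checks the contents of that map. The `controller-gen.kubebuilder.io/version` annotation shows the schema is generated, so any tightening belongs upstream rather than in this vendored copy; please note in the PR that this is accepted as-is. The same applies to the typo "fist sample" in the `firstSampleStart` description, which appears in both versions. Because `metadata.labels` and `metadata.annotations` contain `include` directives, this file is only valid after Helm rendering and cannot be applied directly from `files/crds`; a short comment at the top saying so would help anyone who tries.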
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalers.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalers.yaml
new file mode 100644
index 00000000..bb858aa4
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/files/crds/verticalpodautoscalers.yaml
@@ -0,0 +1,620 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: verticalpodautoscalers.autoscaling.k8s.io
+ labels:
+ {{- include "vertical-pod-autoscaler.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797
+ controller-gen.kubebuilder.io/version: v0.16.5
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ group: autoscaling.k8s.io
+ names:
+ kind: VerticalPodAutoscaler
+ listKind: VerticalPodAutoscalerList
+ plural: verticalpodautoscalers
+ shortNames:
+ - vpa
+ singular: verticalpodautoscaler
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.updatePolicy.updateMode
+ name: Mode
+ type: string
+ - jsonPath: .status.recommendation.containerRecommendations[0].target.cpu
+ name: CPU
+ type: string
+ - jsonPath: .status.recommendation.containerRecommendations[0].target.memory
+ name: Mem
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='RecommendationProvided')].status
+ name: Provided
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ VerticalPodAutoscaler is the configuration for a vertical pod
+ autoscaler, which automatically manages pod resources based on historical and
+ real time resource utilization.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Specification of the behavior of the autoscaler.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+ properties:
+ recommenders:
+ description: |-
+ Recommender responsible for generating recommendation for this object.
+ List should be empty (then the default recommender will generate the
+ recommendation) or contain exactly one recommender.
+ items:
+ description: |-
+ VerticalPodAutoscalerRecommenderSelector points to a specific Vertical Pod Autoscaler recommender.
+ In the future it might pass parameters to the recommender.
+ properties:
+ name:
+ description: Name of the recommender responsible for generating
+ recommendation for this object.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ resourcePolicy:
+ description: |-
+ Controls how the autoscaler computes recommended resources.
+ The resource policy may be used to set constraints on the recommendations
+ for individual containers.
+ If any individual containers need to be excluded from getting the VPA recommendations, then
+ it must be disabled explicitly by setting mode to "Off" under containerPolicies.
+ If not specified, the autoscaler computes recommended resources for all containers in the pod,
+ without additional constraints.
+ properties:
+ containerPolicies:
+ description: Per-container resource policies.
+ items:
+ description: |-
+ ContainerResourcePolicy controls how autoscaler computes the recommended
+ resources for a specific container.
+ properties:
+ containerName:
+ description: |-
+ Name of the container or DefaultContainerResourcePolicy, in which
+ case the policy is used by the containers that don't have their own
+ policy specified.
+ type: string
+ controlledResources:
+ description: |-
+ Specifies the type of recommendations that will be computed
+ (and possibly applied) by VPA.
+ If not specified, the default of [ResourceCPU, ResourceMemory] will be used.
+ items:
+ description: ResourceName is the name identifying various
+ resources in a ResourceList.
+ type: string
+ type: array
+ controlledValues:
+ description: |-
+ Specifies which resource values should be controlled.
+ The default is "RequestsAndLimits".
+ enum:
+ - RequestsAndLimits
+ - RequestsOnly
+ type: string
+ maxAllowed:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Specifies the maximum amount of resources that will be recommended
+ for the container. The default is no maximum.
+ type: object
+ minAllowed:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Specifies the minimal amount of resources that will be recommended
+ for the container. The default is no minimum.
+ type: object
+ mode:
+ description: Whether autoscaler is enabled for the container.
+ The default is "Auto".
+ enum:
+ - Auto
+ - "Off"
+ type: string
+ type: object
+ type: array
+ type: object
+ targetRef:
+ description: |-
+ TargetRef points to the controller managing the set of pods for the
+ autoscaler to control - e.g. Deployment, StatefulSet. VerticalPodAutoscaler
+ can be targeted at controller implementing scale subresource (the pod set is
+ retrieved from the controller's ScaleStatus) or some well known controllers
+ (e.g. for DaemonSet the pod set is read from the controller's spec).
+ If VerticalPodAutoscaler cannot use specified target it will report
+ ConfigUnsupported condition.
+ Note that VerticalPodAutoscaler does not require full implementation
+ of scale subresource - it will not use it to modify the replica count.
+ The only thing retrieved is a label selector matching pods grouped by
+ the target resource.
+ properties:
+ apiVersion:
+ description: apiVersion is the API version of the referent
+ type: string
+ kind:
+ description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ updatePolicy:
+ description: |-
+ Describes the rules on how changes are applied to the pods.
+ If not specified, all fields in the `PodUpdatePolicy` are set to their
+ default values.
+ properties:
+ evictionRequirements:
+ description: |-
+ EvictionRequirements is a list of EvictionRequirements that need to
+ evaluate to true in order for a Pod to be evicted. If more than one
+ EvictionRequirement is specified, all of them need to be fulfilled to allow eviction.
+ items:
+ description: |-
+ EvictionRequirement defines a single condition which needs to be true in
+ order to evict a Pod
+ properties:
+ changeRequirement:
+ description: EvictionChangeRequirement refers to the relationship
+ between the new target recommendation for a Pod and its
+ current requests, what kind of change is necessary for
+ the Pod to be evicted
+ enum:
+ - TargetHigherThanRequests
+ - TargetLowerThanRequests
+ type: string
+ resources:
+ description: |-
+ Resources is a list of one or more resources that the condition applies
+ to. If more than one resource is given, the EvictionRequirement is fulfilled
+ if at least one resource meets `changeRequirement`.
+ items:
+ description: ResourceName is the name identifying various
+ resources in a ResourceList.
+ type: string
+ type: array
+ required:
+ - changeRequirement
+ - resources
+ type: object
+ type: array
+ minReplicas:
+ description: |-
+ Minimal number of replicas which need to be alive for Updater to attempt
+ pod eviction (pending other checks like PDB). Only positive values are
+ allowed. Overrides global '--min-replicas' flag.
+ format: int32
+ type: integer
+ updateMode:
+ description: |-
+ Controls when autoscaler applies changes to the pod resources.
+ The default is 'Auto'.
+ enum:
+ - "Off"
+ - Initial
+ - Recreate
+ - Auto
+ type: string
+ type: object
+ required:
+ - targetRef
+ type: object
+ status:
+ description: Current information about the autoscaler.
+ properties:
+ conditions:
+ description: |-
+ Conditions is the set of conditions required for this autoscaler to scale its target,
+ and indicates whether or not those conditions are met.
+ items:
+ description: |-
+ VerticalPodAutoscalerCondition describes the state of
+ a VerticalPodAutoscaler at a certain point.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from
+ one status to another
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human-readable explanation containing details about
+ the transition
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition.
+ type: string
+ status:
+ description: status is the status of the condition (True, False,
+ Unknown)
+ type: string
+ type:
+ description: type describes the current condition
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ recommendation:
+ description: |-
+ The most recently computed amount of resources recommended by the
+ autoscaler for the controlled pods.
+ properties:
+ containerRecommendations:
+ description: Resources recommended by the autoscaler for each
+ container.
+ items:
+ description: |-
+ RecommendedContainerResources is the recommendation of resources computed by
+ autoscaler for a specific container. Respects the container resource policy
+ if present in the spec. In particular the recommendation is not produced for
+ containers with `ContainerScalingMode` set to 'Off'.
+ properties:
+ containerName:
+ description: Name of the container.
+ type: string
+ lowerBound:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Minimum recommended amount of resources. Observes ContainerResourcePolicy.
+ This amount is not guaranteed to be sufficient for the application to operate in a stable way, however
+ running with less resources is likely to have significant impact on performance/availability.
+ type: object
+ target:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: Recommended amount of resources. Observes ContainerResourcePolicy.
+ type: object
+ uncappedTarget:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ The most recent recommended resources target computed by the autoscaler
+ for the controlled pods, based only on actual resource usage, not taking
+ into account the ContainerResourcePolicy.
+ May differ from the Recommendation if the actual resource usage causes
+ the target to violate the ContainerResourcePolicy (lower than MinAllowed
+ or higher that MaxAllowed).
+ Used only as status indication, will not affect actual resource assignment.
+ type: object
+ upperBound:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Maximum recommended amount of resources. Observes ContainerResourcePolicy.
+ Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum
+ amount of application is actually capable of consuming.
+ type: object
+ required:
+ - target
+ type: object
+ type: array
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - deprecated: true
+ deprecationWarning: autoscaling.k8s.io/v1beta2 API is deprecated
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: |-
+ VerticalPodAutoscaler is the configuration for a vertical pod
+ autoscaler, which automatically manages pod resources based on historical and
+ real time resource utilization.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Specification of the behavior of the autoscaler.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+ properties:
+ resourcePolicy:
+ description: |-
+ Controls how the autoscaler computes recommended resources.
+ The resource policy may be used to set constraints on the recommendations
+ for individual containers. If not specified, the autoscaler computes recommended
+ resources for all containers in the pod, without additional constraints.
+ properties:
+ containerPolicies:
+ description: Per-container resource policies.
+ items:
+ description: |-
+ ContainerResourcePolicy controls how autoscaler computes the recommended
+ resources for a specific container.
+ properties:
+ containerName:
+ description: |-
+ Name of the container or DefaultContainerResourcePolicy, in which
+ case the policy is used by the containers that don't have their own
+ policy specified.
+ type: string
+ maxAllowed:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Specifies the maximum amount of resources that will be recommended
+ for the container. The default is no maximum.
+ type: object
+ minAllowed:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Specifies the minimal amount of resources that will be recommended
+ for the container. The default is no minimum.
+ type: object
+ mode:
+ description: Whether autoscaler is enabled for the container.
+ The default is "Auto".
+ enum:
+ - Auto
+ - "Off"
+ type: string
+ type: object
+ type: array
+ type: object
+ targetRef:
+ description: |-
+ TargetRef points to the controller managing the set of pods for the
+ autoscaler to control - e.g. Deployment, StatefulSet. VerticalPodAutoscaler
+ can be targeted at controller implementing scale subresource (the pod set is
+ retrieved from the controller's ScaleStatus) or some well known controllers
+ (e.g. for DaemonSet the pod set is read from the controller's spec).
+ If VerticalPodAutoscaler cannot use specified target it will report
+ ConfigUnsupported condition.
+ Note that VerticalPodAutoscaler does not require full implementation
+ of scale subresource - it will not use it to modify the replica count.
+ The only thing retrieved is a label selector matching pods grouped by
+ the target resource.
+ properties:
+ apiVersion:
+ description: apiVersion is the API version of the referent
+ type: string
+ kind:
+ description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ updatePolicy:
+ description: |-
+ Describes the rules on how changes are applied to the pods.
+ If not specified, all fields in the `PodUpdatePolicy` are set to their
+ default values.
+ properties:
+ updateMode:
+ description: |-
+ Controls when autoscaler applies changes to the pod resources.
+ The default is 'Auto'.
+ enum:
+ - "Off"
+ - Initial
+ - Recreate
+ - Auto
+ type: string
+ type: object
+ required:
+ - targetRef
+ type: object
+ status:
+ description: Current information about the autoscaler.
+ properties:
+ conditions:
+ description: |-
+ Conditions is the set of conditions required for this autoscaler to scale its target,
+ and indicates whether or not those conditions are met.
+ items:
+ description: |-
+ VerticalPodAutoscalerCondition describes the state of
+ a VerticalPodAutoscaler at a certain point.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from
+ one status to another
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human-readable explanation containing details about
+ the transition
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition.
+ type: string
+ status:
+ description: status is the status of the condition (True, False,
+ Unknown)
+ type: string
+ type:
+ description: type describes the current condition
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ recommendation:
+ description: |-
+ The most recently computed amount of resources recommended by the
+ autoscaler for the controlled pods.
+ properties:
+ containerRecommendations:
+ description: Resources recommended by the autoscaler for each
+ container.
+ items:
+ description: |-
+ RecommendedContainerResources is the recommendation of resources computed by
+ autoscaler for a specific container. Respects the container resource policy
+ if present in the spec. In particular the recommendation is not produced for
+ containers with `ContainerScalingMode` set to 'Off'.
+ properties:
+ containerName:
+ description: Name of the container.
+ type: string
+ lowerBound:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Minimum recommended amount of resources. Observes ContainerResourcePolicy.
+ This amount is not guaranteed to be sufficient for the application to operate in a stable way, however
+ running with less resources is likely to have significant impact on performance/availability.
+ type: object
+ target:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: Recommended amount of resources. Observes ContainerResourcePolicy.
+ type: object
+ uncappedTarget:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ The most recent recommended resources target computed by the autoscaler
+ for the controlled pods, based only on actual resource usage, not taking
+ into account the ContainerResourcePolicy.
+ May differ from the Recommendation if the actual resource usage causes
+ the target to violate the ContainerResourcePolicy (lower than MinAllowed
+ or higher that MaxAllowed).
+ Used only as status indication, will not affect actual resource assignment.
+ type: object
+ upperBound:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Maximum recommended amount of resources. Observes ContainerResourcePolicy.
+ Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum
+ amount of application is actually capable of consuming.
+ type: object
+ required:
+ - target
+ type: object
+ type: array
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
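Review bot: `minReplicas` in the served, `storage: true` version is described as "Only positive values are allowed", but its schema is only `format: int32` / `type: integer`, so nothing in the CRD rejects 0 or a negative number at admission. If this manifest is maintained here rather than copied verbatim from upstream, add `minimum: 1` to the field; if it is vendored, the gap is worth raising upstream rather than patching locally.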
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/NOTES.txt b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/NOTES.txt
new file mode 100644
index 00000000..9217a4b5
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/NOTES.txt
@@ -0,0 +1,5 @@
+** Please be patient while the chart is being deployed **
+
+1. Get the application status by running the command:
+
+$ helm status {{ .Release.Name }} --namespace {{ .Release.Namespace }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/_helpers.tpl
new file mode 100644
index 00000000..dd0850fe
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/_helpers.tpl
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vertical-pod-autoscaler.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "vertical-pod-autoscaler.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vertical-pod-autoscaler.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.labels" -}}
+helm.sh/chart: {{ include "vertical-pod-autoscaler.chart" . }}
+{{ include "vertical-pod-autoscaler.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vertical-pod-autoscaler.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "vertical-pod-autoscaler.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/_helpers.tpl
new file mode 100644
index 00000000..3ffa7b61
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/_helpers.tpl
@@ -0,0 +1,59 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.fullname" .) "admission-controller" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified metrics name.
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.metrics.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.admissionController.fullname" .) "metrics" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.componentLabels" -}}
+app.kubernetes.io/component: admission-controller
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.labels" -}}
+{{ include "vertical-pod-autoscaler.labels" . }}
+{{ include "vertical-pod-autoscaler.admissionController.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.selectorLabels" -}}
+{{ include "vertical-pod-autoscaler.selectorLabels" . }}
+{{ include "vertical-pod-autoscaler.admissionController.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.serviceAccountName" -}}
+{{- if .Values.admissionController.serviceAccount.create -}}
+ {{ default (include "vertical-pod-autoscaler.admissionController.fullname" .) .Values.admissionController.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.admissionController.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the tls secret to use
+*/}}
+{{- define "vertical-pod-autoscaler.admissionController.tls.secretName" -}}
+{{- if .Values.admissionController.tls.existingSecret -}}
+ {{ .Values.admissionController.tls.existingSecret }}
+{{- else -}}
+ {{- printf "%s-%s" (include "vertical-pod-autoscaler.admissionController.fullname" .) "tls" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrole.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrole.yaml
new file mode 100644
index 00000000..7ce7822c
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrole.yaml
@@ -0,0 +1,98 @@
+{{- if .Values.admissionController.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # system:vpa-target-reader
+ - apiGroups:
+ - "*"
+ resources:
+ - "*/scale"
+ verbs:
+ - get
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - replicationcontrollers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ # system:vpa-admission-controller
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - nodes
+ - limitranges
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - apiGroups:
+ - "poc.autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - watch
+{{- end }}
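Review bot: the `admissionregistration.k8s.io` rule grants `create`, `delete`, `get` and `list` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised admission-controller pod could delete other components' mutating webhooks or register new ones. `create` cannot be restricted by name, but `delete` and `get` can: move them into a separate rule with `resourceNames` set to the single configuration this controller registers. The `"*"` / `"*/scale"` rule at the top is read-only (`get`, `watch`), which is less of a concern, but a one-line comment on why the wildcard group is needed would help the next reader.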
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrolebinding.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrolebinding.yaml
new file mode 100644
index 00000000..c0e012ea
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.admissionController.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
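Review bot: the subject name comes from `vertical-pod-autoscaler.admissionController.serviceAccountName`, which falls back to `default` when `admissionController.serviceAccount.create` is false and no name is given. In that case this binding hands the ClusterRole, including create/delete on `mutatingwebhookconfigurations`, to the release namespace's `default` ServiceAccount, and with it to every pod in that namespace that does not set its own account. Consider failing the render (for example with `required`) when `create` is false and `serviceAccount.name` is empty, instead of silently binding `default`.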
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml
new file mode 100644
index 00000000..f9a6bdc0
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml
@@ -0,0 +1,162 @@
+{{- if .Values.admissionController.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.admissionController.deploymentAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.admissionController.deploymentAnnotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.admissionController.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 8 }}
+ {{- if .Values.admissionController.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.admissionController.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ annotations:
+ {{- if not .Values.admissionController.tls.existingSecret }}
+ checksum/tls-secret: {{ include (print $.Template.BasePath "/admission-controller/tls-secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.admissionController.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.admissionController.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ enableServiceLinks: {{ .Values.admissionController.enableServiceLinks }}
+ {{- include "common.images.pullSecrets" ( dict "images" ( list .Values.admissionController.image ) "global" .Values.global ) | nindent 6 }}
+ {{- if .Values.admissionController.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.admissionController.hostNetwork }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.admissionController.priorityClassName }}
+ priorityClassName: {{ .Values.admissionController.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.admissionController.runtimeClassName }}
+ runtimeClassName: {{ .Values.admissionController.runtimeClassName | quote }}
+ {{- end }}
+ serviceAccountName: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }}
+ {{- if .Values.admissionController.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.admissionController.podSecurityContext | nindent 8 }}
+ containers:
+ - name: admission-controller
+ securityContext:
+ {{- toYaml .Values.admissionController.securityContext | nindent 12 }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.admissionController.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }}
+ args:
+ - --address=:{{ .Values.admissionController.containerPorts.metrics }}
+ - --port={{ .Values.admissionController.containerPorts.https }}
+ - --client-ca-file=/tls-secret/ca.crt
+ - --tls-cert-file=/tls-secret/tls.crt
+ - --tls-private-key=/tls-secret/tls.key
+ {{- range $key, $value := .Values.admissionController.extraArgs }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ value: {{ .Release.Namespace }}
+ {{- if .Values.admissionController.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.admissionController.extraEnvVarsCM .Values.admissionController.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.admissionController.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.admissionController.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.admissionController.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.admissionController.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: https
+ containerPort: {{ .Values.admissionController.containerPorts.https }}
+ protocol: TCP
+ - name: http-metrics
+ containerPort: {{ .Values.admissionController.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.admissionController.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.admissionController.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.admissionController.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.admissionController.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.admissionController.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.admissionController.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.admissionController.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.admissionController.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.admissionController.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.admissionController.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.admissionController.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.admissionController.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.admissionController.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.admissionController.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.admissionController.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.admissionController.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.admissionController.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.admissionController.startupProbe.successThreshold }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.admissionController.resources | nindent 12 }}
+ volumeMounts:
+ - name: tls-secret
+ mountPath: /tls-secret
+ readOnly: true
+ {{- if .Values.admissionController.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- with .Values.admissionController.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.admissionController.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.admissionController.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: tls-secret
+ secret:
+ secretName: {{ include "vertical-pod-autoscaler.admissionController.tls.secretName" . }}
+ {{- if .Values.admissionController.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
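Review bot: when `admissionController.hostNetwork` is true, `--address=:{{ .Values.admissionController.containerPorts.metrics }}` binds the plain-HTTP listener that serves metrics and `/health-check` on every interface of the node rather than on a pod IP. Either document that in the values file next to `hostNetwork`, or make the bind address configurable so it can be pinned to a specific interface. Separately, `- --{{ $key }}={{ $value }}` in the `extraArgs` loop is rendered unquoted, so a value containing `: ` or ` #` changes how the YAML parses; wrapping the whole argument in `quote` avoids that.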
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/metrics-service.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/metrics-service.yaml
new file mode 100644
index 00000000..97897f52
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/metrics-service.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.admissionController.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.metrics.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.admissionController.metrics.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.admissionController.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.admissionController.metrics.service.type }}
+ {{- if and (eq .Values.admissionController.metrics.service.type "ClusterIP") .Values.admissionController.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.admissionController.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.admissionController.metrics.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.admissionController.metrics.service.ipFamilyPolicy }}
+ {{- end }}
+ {{- if not (empty .Values.admissionController.metrics.service.ipFamilies)}}
+ ipFamilies: {{- toYaml .Values.admissionController.metrics.service.ipFamilies | nindent 4 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.admissionController.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml
new file mode 100644
index 00000000..4c481328
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.admissionController.enabled }}
+{{- if .Values.admissionController.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.admissionController.pdb.minAvailable }}
+ minAvailable: {{ .Values.admissionController.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.admissionController.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.admissionController.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 6 }}
+{{- end }}
+{{- end }}
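Review bot: in `spec`, `minAvailable` and `maxUnavailable` are guarded by two independent `if` blocks, so values that set both render both fields, and a PodDisruptionBudget accepts only one of them. Make the second branch an `else if`, or fail the render when both are set. The truthiness test also drops an explicit `0`, which is a valid setting for either field; test with `hasKey` or `ne ... nil` if `0` should be expressible.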
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml
new file mode 100644
index 00000000..042cd12c
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.admissionController.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: vpa-webhook
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.admissionController.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.admissionController.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.admissionController.service.type }}
+ {{- if and (eq .Values.admissionController.service.type "ClusterIP") .Values.admissionController.service.clusterIP }}
+ clusterIP: {{ .Values.admissionController.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.admissionController.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.admissionController.service.ipFamilyPolicy }}
+ {{- end }}
+ {{- if not (empty .Values.admissionController.service.ipFamilies)}}
+ ipFamilies: {{- toYaml .Values.admissionController.service.ipFamilies | nindent 4 }}
+ {{- end }}
+ {{- if .Values.admissionController.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.admissionController.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.admissionController.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.admissionController.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.admissionController.service.ports.https }}
+ targetPort: https
+ protocol: TCP
+ name: https
+ selector:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 4 }}
+{{- end }}
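Review bot: `metadata.name` is the literal `vpa-webhook`, while the other objects in this chart are named through a `fullname` helper, and tls-secret.yaml repeats the same literal when it builds the certificate CN. Put the name in one named template and include it in both places so the Service name and the certificate SAN cannot drift apart. As written, two releases in one namespace would also collide on this Service.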
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml
new file mode 100644
index 00000000..19556353
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.admissionController.enabled }}
+{{- if .Values.admissionController.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.admissionController.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.admissionController.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml
new file mode 100644
index 00000000..085461c4
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.admissionController.enabled }}
+{{- if .Values.admissionController.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.admissionController.metrics.serviceMonitor.namespace | quote }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.admissionController.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.admissionController.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.admissionController.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.admissionController.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.admissionController.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.admissionController.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.admissionController.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.admissionController.metrics.serviceMonitor.interval }}
+ {{- end}}
+ {{- if .Values.admissionController.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.admissionController.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end}}
+ {{- if .Values.admissionController.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.admissionController.metrics.serviceMonitor.honorLabels }}
+ {{- end}}
+ {{- if .Values.admissionController.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.admissionController.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.admissionController.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.admissionController.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 6 }}
+{{- end -}}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/tls-secret.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/tls-secret.yaml
new file mode 100644
index 00000000..690f7478
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/admission-controller/tls-secret.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.admissionController.enabled }}
+{{- if not .Values.admissionController.tls.existingSecret }}
+{{- $ca := genCA (include "vertical-pod-autoscaler.admissionController.fullname" .) 365 }}
+{{- $cn := printf "%s.%s.svc" "vpa-webhook" .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "vertical-pod-autoscaler.admissionController.tls.secretName" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.admissionController.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ ca.crt: {{ default $ca.Cert .Values.admissionController.tls.caCert | b64enc | quote }}
+ tls.crt: {{ default $cert.Cert .Values.admissionController.tls.cert | b64enc | quote }}
+ tls.key: {{ default $cert.Key .Values.admissionController.tls.key | b64enc | quote }}
+{{- end }}
+{{- end }}
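Review bot: `genCA` and `genSignedCert` on the `$ca` and `$cert` lines run at every template render, so each `helm upgrade` emits a new CA and a new serving key, and both are hard-coded to 365 days with nothing in this template renewing them short of another upgrade. Read the existing Secret with `lookup` and reuse its data when present, or document `tls.existingSecret` as the supported path for long-lived installs. The three `default` fallbacks under `data` are also independent: supplying `tls.cert` and `tls.key` without `tls.caCert` publishes a freshly generated `ca.crt` that did not sign the supplied certificate, so require the three values together.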
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/_helpers.tpl
new file mode 100644
index 00000000..c4419a51
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/_helpers.tpl
@@ -0,0 +1,30 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "vertical-pod-autoscaler.crds.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.fullname" .) "crds" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "vertical-pod-autoscaler.crds.componentLabels" -}}
+app.kubernetes.io/component: crds
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.crds.labels" -}}
+{{ include "vertical-pod-autoscaler.labels" . }}
+{{ include "vertical-pod-autoscaler.crds.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vertical-pod-autoscaler.crds.selectorLabels" -}}
+{{ include "vertical-pod-autoscaler.selectorLabels" . }}
+{{ include "vertical-pod-autoscaler.crds.componentLabels" . }}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrole.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrole.yaml
new file mode 100644
index 00000000..210c0ecb
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrole.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.crds.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - get
+ - patch
+{{- end }}
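Review bot: the single rule under `rules` grants `create`, `get` and `patch` on every CustomResourceDefinition in the cluster to the hook Job's ServiceAccount. `create` cannot be narrowed by name, but `get` and `patch` can: split them into a second rule with `resourceNames` listing the CRDs shipped under `files/crds/`, so the kubectl Job cannot patch unrelated CRDs while the hook runs.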
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrolebinding.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrolebinding.yaml
new file mode 100644
index 00000000..16e80c6d
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/clusterrolebinding.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.crds.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/configmap.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/configmap.yaml
new file mode 100644
index 00000000..388ebd2e
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/configmap.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.crds.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ {{- range $path, $_ := .Files.Glob "files/crds/*" }}
+ {{ base $path }}: |
+ {{- tpl ($.Files.Get $path) $ | nindent 4 }}
+ {{- end }}
+{{- end }}
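Review bot: under `data`, each CRD file is passed through `tpl` with the root context, so any `{{` inside a CRD description is evaluated as a template and can fail the render or pull release values into the CRD. If the files need no templating, emit `$.Files.Get $path` directly.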
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/job.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/job.yaml
new file mode 100644
index 00000000..ed83404a
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/job.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.crds.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.selectorLabels" . | nindent 8 }}
+ {{- if .Values.crds.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.crds.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.crds.podAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.crds.podAnnotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.images.pullSecrets" ( dict "images" ( list .Values.crds.image ) "global" .Values.global ) | nindent 6 }}
+ serviceAccountName: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ securityContext:
+ {{- toYaml .Values.crds.podSecurityContext | nindent 8 }}
+ containers:
+ - name: kubectl
+ securityContext:
+ {{- toYaml .Values.crds.securityContext | nindent 12 }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.crds.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.crds.image.pullPolicy }}
+ args:
+ - apply
+ {{- range $path, $_ := .Files.Glob "files/crds/*" }}
+ - --filename=/config/{{ base $path }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.crds.resources | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ readOnly: true
+ {{- with .Values.crds.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.crds.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.crds.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: Never
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+{{- end }}
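Review bot: `spec` sets no `backoffLimit` or `activeDeadlineSeconds`, so with `restartPolicy: Never` a failing `kubectl apply` is retried under the Job defaults while the pre-install/pre-upgrade hook blocks the release until Helm times out. Set both explicitly. The `kubectl` container also takes its whole `securityContext` from `.Values.crds.securityContext`; confirm the chart defaults give it a non-root, read-only context, since this pod runs with CRD create and patch rights.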
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/serviceaccount.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/serviceaccount.yaml
new file mode 100644
index 00000000..c5de9389
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/crds/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.crds.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "vertical-pod-autoscaler.crds.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.crds.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/extra-list.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
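Review bot: `extraDeploy` renders arbitrary objects from values with the full root context, so whoever controls the values for this release can create any resource the installer is allowed to create. Since this chart sits under `packages/system/`, make sure the wrapping package never forwards tenant-supplied values into `extraDeploy`, or drop this template from the vendored copy if it is unused.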
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/_helpers.tpl
new file mode 100644
index 00000000..9a0a0e60
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/_helpers.tpl
@@ -0,0 +1,48 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.fullname" .) "recommender" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified metrics name.
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.metrics.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.recommender.fullname" .) "metrics" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.componentLabels" -}}
+app.kubernetes.io/component: recommender
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.labels" -}}
+{{ include "vertical-pod-autoscaler.labels" . }}
+{{ include "vertical-pod-autoscaler.recommender.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.selectorLabels" -}}
+{{ include "vertical-pod-autoscaler.selectorLabels" . }}
+{{ include "vertical-pod-autoscaler.recommender.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vertical-pod-autoscaler.recommender.serviceAccountName" -}}
+{{- if .Values.recommender.serviceAccount.create -}}
+ {{ default (include "vertical-pod-autoscaler.recommender.fullname" .) .Values.recommender.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.recommender.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
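Review bot: in `vertical-pod-autoscaler.recommender.serviceAccountName`, the `else` branch falls back to the `default` ServiceAccount when `recommender.serviceAccount.create` is false and no name is given. recommender/clusterrolebinding.yaml uses this helper as its subject, so that configuration binds the recommender ClusterRole to the namespace's `default` account and to every pod running under it. Use `required` in the `else` branch so the render fails without an explicit name.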
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrole.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrole.yaml
new file mode 100644
index 00000000..85b1a7ea
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrole.yaml
@@ -0,0 +1,149 @@
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # system:metrics-reader
+ - apiGroups:
+ - "metrics.k8s.io"
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ # system:vpa-actor
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - limitranges
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - apiGroups:
+ - "poc.autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ # system:vpa-status-actor
+ - apiGroups:
+ - "autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers/status
+ verbs:
+ - get
+ - patch
+ # system:vpa-checkpoint-actor
+ - apiGroups:
+ - "poc.autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalercheckpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - delete
+ - apiGroups:
+ - "autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalercheckpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ # system:vpa-target-reader
+ - apiGroups:
+ - "*"
+ resources:
+ - "*/scale"
+ verbs:
+ - get
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - replicationcontrollers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ # system:leader-locking-vpa-recommender
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - apiGroups:
+ - "coordination.k8s.io"
+ resourceNames:
+ - vpa-recommender
+ - vpa-recommender-lease
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - update
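Review bot: the `system:vpa-target-reader` block grants `get` and `watch` on `*/scale` with `apiGroups: "*"`, the only wildcard in this role, and a wildcard rule silently extends to every API group installed later. If it is needed so the recommender can follow scale subresources of custom controllers, say so in a comment next to the rule; otherwise enumerate the groups. The two `poc.autoscaling.k8s.io` rules deserve the same check: drop them if the CRDs shipped under `files/crds/` do not define that group.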
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrolebinding.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrolebinding.yaml
new file mode 100644
index 00000000..594a06c7
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/deployment.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/deployment.yaml
new file mode 100644
index 00000000..4aabfbd1
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/deployment.yaml
@@ -0,0 +1,140 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.recommender.deploymentAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.recommender.deploymentAnnotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.recommender.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.recommender.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.selectorLabels" . | nindent 8 }}
+ {{- if .Values.recommender.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.recommender.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.recommender.podAnnotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.recommender.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.recommender.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ enableServiceLinks: {{ .Values.recommender.enableServiceLinks }}
+ {{- include "common.images.pullSecrets" ( dict "images" ( list .Values.recommender.image ) "global" .Values.global ) | nindent 6 }}
+ {{- if .Values.recommender.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.recommender.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.recommender.priorityClassName }}
+ priorityClassName: {{ .Values.recommender.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.recommender.runtimeClassName }}
+ runtimeClassName: {{ .Values.recommender.runtimeClassName | quote }}
+ {{- end }}
+ serviceAccountName: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }}
+ {{- if .Values.recommender.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.recommender.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.recommender.podSecurityContext | nindent 8 }}
+ containers:
+ - name: recommender
+ securityContext:
+ {{- toYaml .Values.recommender.securityContext | nindent 12 }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.recommender.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.recommender.image.pullPolicy }}
+ args:
+ - --address=:{{ .Values.recommender.containerPorts.metrics }}
+ {{- range $key, $value := .Values.recommender.extraArgs }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ {{- if .Values.recommender.extraEnvVars }}
+ env:
+ {{- include "common.tplvalues.render" (dict "value" .Values.recommender.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.recommender.extraEnvVarsCM .Values.recommender.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.recommender.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.recommender.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.recommender.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.recommender.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.recommender.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.recommender.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.recommender.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.recommender.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.recommender.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.recommender.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.recommender.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.recommender.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.recommender.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.recommender.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.recommender.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.recommender.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.recommender.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.recommender.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.recommender.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.recommender.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.recommender.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.recommender.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.recommender.startupProbe.successThreshold }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.recommender.resources | nindent 12 }}
+ volumeMounts:
+ {{- if .Values.recommender.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.recommender.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- with .Values.recommender.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.recommender.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.recommender.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.recommender.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.recommender.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
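Review bot: in `args`, the `extraArgs` loop emits `- --{{ $key }}={{ $value }}` unquoted, so a value containing `: ` or ` #` changes how the YAML item parses and the container receives a different argument than the one configured. Quote the rendered item. Separately, `volumeMounts:` and `volumes:` are emitted even when `extraVolumeMounts` and `extraVolumes` are empty, leaving bare keys; move each key inside its `if`.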
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/metrics-service.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/metrics-service.yaml
new file mode 100644
index 00000000..3023d51f
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/metrics-service.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.metrics.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.recommender.metrics.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.recommender.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.recommender.metrics.service.type }}
+ {{- if and (eq .Values.recommender.metrics.service.type "ClusterIP") .Values.recommender.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.recommender.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.recommender.metrics.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.recommender.metrics.service.ipFamilyPolicy }}
+ {{- end }}
+ {{- if not (empty .Values.recommender.metrics.service.ipFamilies)}}
+ ipFamilies: {{- toYaml .Values.recommender.metrics.service.ipFamilies | nindent 4 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.recommender.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ {{- include "vertical-pod-autoscaler.recommender.selectorLabels" . | nindent 4 }}
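Review bot: `type: {{ .Values.recommender.metrics.service.type }}` takes any Service type from values, and the test ConfigMap in this patch fetches this port's `/metrics` over plain HTTP with no credentials, so a `NodePort` or `LoadBalancer` value would publish that endpoint outside the cluster. Document in values.yaml that this Service is meant to stay `ClusterIP`, or fail the render for other types. Style: `(empty .Values.recommender.metrics.service.ipFamilies)}}` is missing the space before `}}` used everywhere else.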
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/pdb.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/pdb.yaml
new file mode 100644
index 00000000..aa0238fa
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/pdb.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.recommender.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.recommender.pdb.minAvailable }}
+ minAvailable: {{ .Values.recommender.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.recommender.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.recommender.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.recommender.selectorLabels" . | nindent 6 }}
+{{- end }}
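Review bot: the two `if` blocks under `spec` can both be true, and a PodDisruptionBudget that sets `minAvailable` and `maxUnavailable` together is rejected by the API server; make them mutually exclusive (`if` / `else if`) or `fail` the render when both are set. The bare truthiness test also drops a literal `0`, so `maxUnavailable: 0` cannot be expressed through these values. updater/pdb.yaml in this patch uses the same pattern.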
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/serviceaccount.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/serviceaccount.yaml
new file mode 100644
index 00000000..0fb40c74
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.recommender.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.recommender.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.recommender.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/servicemonitor.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/servicemonitor.yaml
new file mode 100644
index 00000000..df70a780
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/recommender/servicemonitor.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.recommender.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "vertical-pod-autoscaler.recommender.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.recommender.metrics.serviceMonitor.namespace | quote }}
+ labels:
+ {{- include "vertical-pod-autoscaler.recommender.labels" . | nindent 4 }}
+ {{- if .Values.recommender.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.recommender.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.recommender.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.recommender.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.recommender.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.recommender.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.recommender.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.recommender.metrics.serviceMonitor.interval }}
+ {{- end}}
+ {{- if .Values.recommender.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.recommender.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end}}
+ {{- if .Values.recommender.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.recommender.metrics.serviceMonitor.honorLabels }}
+ {{- end}}
+ {{- if .Values.recommender.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.recommender.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.recommender.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.recommender.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.recommender.selectorLabels" . | nindent 6 }}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/_helpers.tpl
new file mode 100644
index 00000000..600b6060
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "vertical-pod-autoscaler.tests.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.fullname" .) "tests" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "vertical-pod-autoscaler.tests.componentLabels" -}}
+app.kubernetes.io/component: tests
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.tests.labels" -}}
+{{ include "vertical-pod-autoscaler.labels" . }}
+{{ include "vertical-pod-autoscaler.tests.componentLabels" . }}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/configmap.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/configmap.yaml
new file mode 100644
index 00000000..d3e345bf
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/configmap.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "vertical-pod-autoscaler.tests.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.tests.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: test
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ test_all.py: |
+ import requests
+
+
+ def test_admission_controller_service_connection():
+ url = "https://vpa-webhook.{{ .Release.Namespace }}.svc:{{ .Values.admissionController.service.ports.https }}/"
+ verify = "/admission-controller-tls-secret/ca.crt"
+
+ response = requests.get(url, verify=verify)
+
+ assert response.status_code == 200
+
+
+ def test_admission_controller_metrics_service_connection():
+ url = "http://{{ include "vertical-pod-autoscaler.admissionController.metrics.fullname" . }}:{{ .Values.admissionController.metrics.service.ports.metrics }}/metrics"
+
+ response = requests.get(url)
+
+ assert response.status_code == 200
+
+
+ def test_recommender_metrics_service_connection():
+ url = "http://{{ include "vertical-pod-autoscaler.recommender.metrics.fullname" . }}:{{ .Values.recommender.metrics.service.ports.metrics }}/metrics"
+
+ response = requests.get(url)
+
+ assert response.status_code == 200
+
+
+ def test_updater_metrics_service_connection():
+ url = "http://{{ include "vertical-pod-autoscaler.updater.metrics.fullname" . }}:{{ .Values.updater.metrics.service.ports.metrics }}/metrics"
+
+ response = requests.get(url)
+
+ assert response.status_code == 200
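Review bot: every `requests.get(...)` in `test_all.py` is called without `timeout=`, so an unreachable Service makes the `helm test` pod hang instead of failing; pass an explicit timeout. `test_updater_metrics_service_connection` is rendered unconditionally although the updater metrics Service in this patch is wrapped in `{{- if .Values.updater.enabled }}`, so the suite fails whenever the updater is disabled; gate that test (and the admission-controller ones) on the matching `enabled` value. The host `vpa-webhook` in the first test is hard-coded rather than derived from a helper like the other three URLs, which deserves a comment explaining why.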
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/pod.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/pod.yaml
new file mode 100644
index 00000000..268a1012
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/tests/pod.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "vertical-pod-autoscaler.tests.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.tests.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ helm.sh/hook: test
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- include "common.images.pullSecrets" ( dict "images" ( list .Values.tests.image ) "global" .Values.global ) | nindent 2 }}
+ containers:
+ - name: tests
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.tests.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
+ volumeMounts:
+ - name: tests
+ mountPath: /tests
+ readOnly: true
+ - name: admission-controller-tls-secret
+ mountPath: /admission-controller-tls-secret
+ readOnly: true
+ workingDir: /tests
+ restartPolicy: Never
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ include "vertical-pod-autoscaler.tests.fullname" . }}
+ - name: admission-controller-tls-secret
+ secret:
+ secretName: {{ include "vertical-pod-autoscaler.admissionController.tls.secretName" . }}
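Review bot: the `admission-controller-tls-secret` volume mounts the whole Secret into the test pod, but `test_all.py` only reads `/admission-controller-tls-secret/ca.crt`; add `items:` with just `ca.crt` so any private key stored in the same Secret is not exposed to the test image. The `tests` container also has no `securityContext`, no `resources` and no `command`, so it runs with the image's default user and entrypoint; set these explicitly as the updater Deployment does through values.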
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/_helpers.tpl b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/_helpers.tpl
new file mode 100644
index 00000000..1d6a2b5f
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/_helpers.tpl
@@ -0,0 +1,48 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "vertical-pod-autoscaler.updater.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.fullname" .) "updater" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified metrics name.
+*/}}
+{{- define "vertical-pod-autoscaler.updater.metrics.fullname" -}}
+{{- printf "%s-%s" (include "vertical-pod-autoscaler.updater.fullname" .) "metrics" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "vertical-pod-autoscaler.updater.componentLabels" -}}
+app.kubernetes.io/component: updater
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vertical-pod-autoscaler.updater.labels" -}}
+{{ include "vertical-pod-autoscaler.labels" . }}
+{{ include "vertical-pod-autoscaler.updater.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vertical-pod-autoscaler.updater.selectorLabels" -}}
+{{ include "vertical-pod-autoscaler.selectorLabels" . }}
+{{ include "vertical-pod-autoscaler.updater.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vertical-pod-autoscaler.updater.serviceAccountName" -}}
+{{- if .Values.updater.serviceAccount.create -}}
+ {{ default (include "vertical-pod-autoscaler.updater.fullname" .) .Values.updater.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.updater.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
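Review bot: in `vertical-pod-autoscaler.updater.serviceAccountName` the `else` branch falls back to `default "default" .Values.updater.serviceAccount.name`, and the ClusterRoleBinding added in this patch uses this helper as its subject. With `updater.serviceAccount.create: false` and no name set, the updater ClusterRole, including `create` on `pods/eviction`, is bound to the namespace's `default` ServiceAccount, which every pod in that namespace without an explicit ServiceAccount shares. Use `required` on `.Values.updater.serviceAccount.name` in that branch instead of defaulting.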
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrole.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrole.yaml
new file mode 100644
index 00000000..b1fe0fd6
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrole.yaml
@@ -0,0 +1,127 @@
+{{- if .Values.updater.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # system:vpa-actor
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - limitranges
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - apiGroups:
+ - "poc.autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "autoscaling.k8s.io"
+ resources:
+ - verticalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ # system:vpa-target-reader
+ - apiGroups:
+ - "*"
+ resources:
+ - "*/scale"
+ verbs:
+ - get
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - replicationcontrollers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ # system:evictioner
+ - apiGroups:
+ - "apps"
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+ # system:vpa-status-reader
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ # system:leader-locking-vpa-updater
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - apiGroups:
+ - "coordination.k8s.io"
+ resourceNames:
+ - vpa-updater
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - update
+{{- end }}
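Review bot: the lease rules under `# system:vpa-status-reader` and `# system:leader-locking-vpa-updater` live in a ClusterRole, so the updater gets `get`/`list`/`watch` on every Lease and `create` on Leases in all namespaces, while only the `vpa-updater` lease is named in the scoped rule. If the leases it uses are in the release namespace, move these three rules to a namespaced Role and RoleBinding. The `apiGroups: "*"` with `"*/scale"` rule should carry a comment saying why the wildcard is required, and the `poc.autoscaling.k8s.io` rule a note on whether it is still needed.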
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrolebinding.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrolebinding.yaml
new file mode 100644
index 00000000..c0d3f13b
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.updater.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml
new file mode 100644
index 00000000..1515c396
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml
@@ -0,0 +1,144 @@
+{{- if .Values.updater.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.updater.deploymentAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updater.deploymentAnnotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.updater.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 8 }}
+ {{- if .Values.updater.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.updater.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.updater.podAnnotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.updater.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.updater.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ enableServiceLinks: {{ .Values.updater.enableServiceLinks }}
+ {{- include "common.images.pullSecrets" ( dict "images" ( list .Values.updater.image ) "global" .Values.global ) | nindent 6 }}
+ {{- if .Values.updater.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.updater.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.updater.priorityClassName }}
+ priorityClassName: {{ .Values.updater.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.updater.runtimeClassName }}
+ runtimeClassName: {{ .Values.updater.runtimeClassName | quote }}
+ {{- end }}
+ serviceAccountName: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
+ {{- if .Values.updater.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.updater.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.updater.podSecurityContext | nindent 8 }}
+ containers:
+ - name: updater
+ securityContext:
+ {{- toYaml .Values.updater.securityContext | nindent 12 }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.updater.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.updater.image.pullPolicy }}
+ args:
+ - --address=:{{ .Values.updater.containerPorts.metrics }}
+ {{- range $key, $value := .Values.updater.extraArgs }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ value: {{ .Release.Namespace }}
+ {{- if .Values.updater.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.updater.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.updater.extraEnvVarsCM .Values.updater.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.updater.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.updater.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.updater.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.updater.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.updater.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.updater.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.updater.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.updater.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.updater.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.updater.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.updater.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.updater.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.updater.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.updater.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.updater.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.updater.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.updater.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.updater.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /health-check
+ port: http-metrics
+ initialDelaySeconds: {{ .Values.updater.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.updater.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.updater.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.updater.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.updater.startupProbe.successThreshold }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.updater.resources | nindent 12 }}
+ volumeMounts:
+ {{- if .Values.updater.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.updater.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- with .Values.updater.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.updater.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.updater.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.updater.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.updater.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
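Review bot: `value: {{ .Release.Namespace }}` under `env` is unquoted, unlike the `{{ .Release.Namespace | quote }}` used in the ClusterRoleBinding and ServiceMonitor templates of this patch; a namespace whose name is all digits renders as a YAML integer and the env value is then rejected as a non-string. Pipe it through `quote`. The same applies to `- --{{ $key }}={{ $value }}`: an `extraArgs` value containing `: ` or ` #` changes how the list item parses, so quote the whole argument. As in the recommender Deployment, `volumeMounts:` and `volumes:` are emitted even when their `if` blocks are empty.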
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/metrics-service.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/metrics-service.yaml
new file mode 100644
index 00000000..e8555f93
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/metrics-service.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.updater.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.metrics.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.updater.metrics.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updater.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.updater.metrics.service.type }}
+ {{- if and (eq .Values.updater.metrics.service.type "ClusterIP") .Values.updater.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.updater.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.updater.metrics.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.updater.metrics.service.ipFamilyPolicy }}
+ {{- end }}
+ {{- if not (empty .Values.updater.metrics.service.ipFamilies)}}
+ ipFamilies: {{- toYaml .Values.updater.metrics.service.ipFamilies | nindent 4 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.updater.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml
new file mode 100644
index 00000000..723af070
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.updater.enabled }}
+{{- if .Values.updater.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.updater.pdb.minAvailable }}
+ minAvailable: {{ .Values.updater.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.updater.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.updater.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml
new file mode 100644
index 00000000..050c9439
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.updater.enabled }}
+{{- if .Values.updater.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.updater.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updater.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml
new file mode 100644
index 00000000..306a94bf
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.updater.enabled }}
+{{- if .Values.updater.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.updater.metrics.serviceMonitor.namespace | quote }}
+ labels:
+ {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
+ {{- if .Values.updater.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.updater.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.updater.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updater.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.updater.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.updater.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.updater.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.updater.metrics.serviceMonitor.interval }}
+ {{- end}}
+ {{- if .Values.updater.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.updater.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end}}
+ {{- if .Values.updater.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.updater.metrics.serviceMonitor.honorLabels }}
+ {{- end}}
+ {{- if .Values.updater.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.updater.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.updater.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.updater.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels:
+ {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 6 }}
+{{- end -}}
+{{- end -}}
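Review bot: `jobLabel`, `interval` and `scrapeTimeout` under `spec` are rendered unquoted (for example `jobLabel: {{ .Values.updater.metrics.serviceMonitor.jobLabel }}`), while `namespace` and the `matchNames` entry in the same template go through `| quote`. A value that YAML parses as a non-string, such as a bare number for the interval or a label name like `true`, would give these string fields the wrong type in the rendered ServiceMonitor; piping all three through `quote` keeps them strings. Minor style point: the `{{- end}}` closers after `interval`, `scrapeTimeout` and `honorLabels` lack the space that the other `{{- end }}` lines in this hunk use.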
diff --git a/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/values.yaml b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/values.yaml
new file mode 100644
index 00000000..e029dd9f
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/charts/vertical-pod-autoscaler/values.yaml
@@ -0,0 +1,966 @@
+# Default values for vertical-pod-autoscaler.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+## @section Global parameters
+
+global:
+ ## @param global.imageRegistry Global Docker image registry
+ imageRegistry: ""
+
+ ## @param global.imagePullSecrets Global Docker registry secret names as an array
+ imagePullSecrets: []
+
+## @section Common parameters
+
+## @param kubeVersion Override Kubernetes version
+kubeVersion: ""
+
+## @param nameOverride Partially override `vertical-pod-autoscaler.fullname` template with a string (will prepend the release name)
+nameOverride: ""
+
+## @param fullnameOverride Fully override `vertical-pod-autoscaler.fullname` template with a string
+fullnameOverride: ""
+
+## @param commonAnnotations Annotations to add to all deployed objects
+commonAnnotations: {}
+
+## @param commonLabels Labels to add to all deployed objects
+commonLabels: {}
+
+## @param extraDeploy Array of extra objects to deploy with the release
+extraDeploy: []
+
+## @section Admission controller parameters
+
+admissionController:
+## @param admissionController.enabled Enable the component
+ enabled: true
+
+ ## @param admissionController.replicaCount Number of replicas
+ replicaCount: 1
+
+ image:
+ ## @param admissionController.image.registry Image registry
+ registry: registry.k8s.io
+
+ ## @param admissionController.image.repository Image repository
+ repository: autoscaling/vpa-admission-controller
+
+ ## @param admissionController.image.tag Image tag
+ tag: 1.3.0
+
+ ## @param admissionController.image.digest Image digest
+ digest: ""
+
+ ## @param admissionController.image.pullPolicy Image pull policy
+ pullPolicy: IfNotPresent
+
+ pdb:
+ ## @param admissionController.pdb.create Specifies whether a pod disruption budget should be created
+ create: false
+
+ ## @param admissionController.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ minAvailable: 1
+
+ ## @param admissionController.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ maxUnavailable:
+ # maxUnavailable: 1
+
+ serviceAccount:
+ ## @param admissionController.serviceAccount.create Specifies whether a service account should be created
+ create: true
+
+ ## @param admissionController.serviceAccount.annotations Service account annotations
+ annotations: {}
+
+ ## @param admissionController.serviceAccount.name The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set)
+ name:
+
+ ## @param admissionController.enableServiceLinks Whether information about services should be injected into pod's environment variable
+ enableServiceLinks: false
+
+ ## @param admissionController.hostAliases Pod host aliases
+ hostAliases: []
+
+ ## @param admissionController.deploymentAnnotations Additional deployment annotations
+ deploymentAnnotations: {}
+
+ ## @param admissionController.podAnnotations Additional pod annotations
+ podAnnotations: {}
+
+ ## @param admissionController.podLabels Additional pod labels
+ podLabels: {}
+
+ ## @extra admissionController.podSecurityContext Pod security context
+ ## @param admissionController.podSecurityContext.runAsNonRoot Whether the container must run as a non-root user
+ ## @param admissionController.podSecurityContext.runAsUser The UID to run the entrypoint of the container process
+ ## @param admissionController.podSecurityContext.runAsGroup The GID to run the entrypoint of the container process
+ podSecurityContext:
+ # fsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+
+ ## @param admissionController.hostNetwork Use the host network
+ hostNetwork: false
+
+ ## @param admissionController.priorityClassName Priority class name
+ priorityClassName:
+ # priorityClassName : high-priority
+
+ ## @param admissionController.runtimeClassName Runtime class name
+ runtimeClassName: ""
+
+ ## @param admissionController.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ topologySpreadConstraints: []
+
+ ## @param admissionController.securityContext Container security context
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ containerPorts:
+ ## @param admissionController.containerPorts.https Container port for HTTPS
+ https: 8000
+
+ ## @param admissionController.containerPorts.metrics Container port for Metrics
+ metrics: 8944
+
+ livenessProbe:
+ ## @param admissionController.livenessProbe.enabled Enable liveness probe
+ enabled: true
+
+ ## @param admissionController.livenessProbe.initialDelaySeconds Delay before the liveness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param admissionController.livenessProbe.periodSeconds How often to perform the liveness probe
+ periodSeconds: 10
+
+ ## @param admissionController.livenessProbe.timeoutSeconds When the liveness probe times out
+ timeoutSeconds: 1
+
+ ## @param admissionController.livenessProbe.failureThreshold Minimum consecutive failures for the liveness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param admissionController.livenessProbe.successThreshold Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ successThreshold: 1
+
+ readinessProbe:
+ ## @param admissionController.readinessProbe.enabled Enable readiness probe
+ enabled: true
+
+ ## @param admissionController.readinessProbe.initialDelaySeconds Delay before the readiness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param admissionController.readinessProbe.periodSeconds How often to perform the readiness probe
+ periodSeconds: 10
+
+ ## @param admissionController.readinessProbe.timeoutSeconds When the readiness probe times out
+ timeoutSeconds: 1
+
+ ## @param admissionController.readinessProbe.failureThreshold Minimum consecutive failures for the readiness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param admissionController.readinessProbe.successThreshold Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ successThreshold: 1
+
+ startupProbe:
+ ## @param admissionController.startupProbe.enabled Enable startup probe
+ enabled: false
+
+ ## @param admissionController.startupProbe.initialDelaySeconds Delay before the startup probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param admissionController.startupProbe.periodSeconds How often to perform the startup probe
+ periodSeconds: 10
+
+ ## @param admissionController.startupProbe.timeoutSeconds When the startup probe times out
+ timeoutSeconds: 1
+
+ ## @param admissionController.startupProbe.failureThreshold Minimum consecutive failures for the startup probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param admissionController.startupProbe.successThreshold Minimum consecutive successes for the startup probe to be considered successful after having failed
+ successThreshold: 1
+
+ service:
+ ## @param admissionController.service.annotations Service annotations
+ annotations: {}
+
+ ## @param admissionController.service.type Service type
+ type: ClusterIP
+
+ ## @param admissionController.service.clusterIP Static cluster IP address or None for headless service when service type is ClusterIP
+ clusterIP:
+ # clusterIP: 10.43.0.100
+
+ ## @param admissionController.service.ipFamilyPolicy Service IP family policy
+ ipFamilyPolicy: ""
+
+ ## @param admissionController.service.ipFamilies Service IP families
+ ipFamilies: []
+
+ ## @param admissionController.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ sessionAffinity: None
+
+ ## @param admissionController.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ sessionAffinityConfig: {}
+
+ ports:
+ ## @param admissionController.service.ports.https Service port for HTTPS (do not change it)
+ https: 443
+
+ ## @param admissionController.resources CPU/Memory resource requests/limits
+ resources: {}
+ # limits:
+ # cpu: 200m
+ # memory: 512Mi
+ # requests:
+ # cpu: 50m
+ # memory: 256Mi
+
+ ## @param admissionController.nodeSelector Node labels for pod assignment
+ nodeSelector: {}
+
+ ## @param admissionController.tolerations Tolerations for pod assignment
+ tolerations: []
+
+ ## @param admissionController.affinity Map of node/pod affinities
+ affinity: {}
+
+ ## @extra admissionController.extraArgs [object] Additional container arguments
+ ## @param admissionController.extraArgs.v Number for the log level verbosity
+ extraArgs:
+ # kube-api-burst: 10
+ # kube-api-qps: 5
+ v: 2
+ # vpa-object-namespace: ""
+ # webhook-timeout-seconds: 30
+
+ ## @param admissionController.extraEnvVars Additional container environment variables
+ extraEnvVars: []
+ # - name: MY-NAME
+ # value: "MY-VALUE"
+
+ ## @param admissionController.extraEnvVarsCM Name of existing ConfigMap containing additional container environment variables
+ extraEnvVarsCM:
+
+ ## @param admissionController.extraEnvVarsSecret Name of existing Secret containing additional container environment variables
+ extraEnvVarsSecret:
+
+ ## @param admissionController.extraVolumes Optionally specify extra list of additional volumes
+ extraVolumes: []
+
+ ## @param admissionController.extraVolumeMounts Optionally specify extra list of additional volumeMounts
+ extraVolumeMounts: []
+
+ metrics:
+ service:
+ ## @param admissionController.metrics.service.annotations Metrics service annotations
+ annotations: {}
+
+ ## @param admissionController.metrics.service.type Metrics service type
+ type: ClusterIP
+
+ ## @param admissionController.metrics.service.clusterIP Metrics static cluster IP address or None for headless service when service type is ClusterIP
+ clusterIP:
+ # clusterIP: 10.43.0.100
+
+ ## @param admissionController.metrics.service.ipFamilyPolicy Metrics service IP family policy
+ ipFamilyPolicy: ""
+
+ ## @param admissionController.metrics.service.ipFamilies Metrics service IP families
+ ipFamilies: []
+
+ ports:
+ ## @param admissionController.metrics.service.ports.metrics Metrics service port for Metrics
+ metrics: 8944
+
+ serviceMonitor:
+ ## @param admissionController.metrics.serviceMonitor.enabled Specifies whether a service monitor should be created
+ enabled: false
+
+ ## @param admissionController.metrics.serviceMonitor.namespace Namespace in which to create the service monitor
+ namespace: ""
+
+ ## @param admissionController.metrics.serviceMonitor.annotations Service monitor annotations
+ annotations: {}
+
+ ## @param admissionController.metrics.serviceMonitor.labels Additional service monitor labels
+ labels: {}
+
+ ## @param admissionController.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ jobLabel: ""
+
+ ## @param admissionController.metrics.serviceMonitor.honorLabels Whether to choose the metric’s labels on collisions with target labels
+ honorLabels: false
+
+ ## @param admissionController.metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ interval: ""
+
+ ## @param admissionController.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ scrapeTimeout: ""
+
+ ## @param admissionController.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ metricRelabelings: []
+
+ ## @param admissionController.metrics.serviceMonitor.relabelings Specify general relabeling
+ relabelings: []
+
+ tls:
+ ## @param admissionController.tls.caCert TLS CA certificate (Generated using the `genCA` function if not set)
+ caCert: ""
+
+ ## @param admissionController.tls.cert TLS certificate (Generated using the `genSignedCert` function if not set)
+ cert: ""
+
+ ## @param admissionController.tls.key TLS private key (Generated using the `genSignedCert` function if not set)
+ key: ""
+
+ ## @param admissionController.tls.existingSecret Name of existing TLS Secret to use
+ existingSecret: ""
+
+## @section Recommender parameters
+
+recommender:
+## @param recommender.replicaCount Number of replicas
+ replicaCount: 1
+
+ image:
+ ## @param recommender.image.registry Image registry
+ registry: registry.k8s.io
+
+ ## @param recommender.image.repository Image repository
+ repository: autoscaling/vpa-recommender
+
+ ## @param recommender.image.tag Image tag
+ tag: 1.3.0
+
+ ## @param recommender.image.digest Image digest
+ digest: ""
+
+ ## @param recommender.image.pullPolicy Image pull policy
+ pullPolicy: IfNotPresent
+
+ pdb:
+ ## @param recommender.pdb.create Specifies whether a pod disruption budget should be created
+ create: false
+
+ ## @param recommender.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ minAvailable: 1
+
+ ## @param recommender.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ maxUnavailable:
+ # maxUnavailable: 1
+
+ serviceAccount:
+ ## @param recommender.serviceAccount.create Specifies whether a service account should be created
+ create: true
+
+ ## @param recommender.serviceAccount.annotations Service account annotations
+ annotations: {}
+
+ ## @param recommender.serviceAccount.name The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set)
+ name:
+
+ ## @param recommender.enableServiceLinks Whether information about services should be injected into pod's environment variable
+ enableServiceLinks: false
+
+ ## @param recommender.hostAliases Pod host aliases
+ hostAliases: []
+
+ ## @param recommender.deploymentAnnotations Additional deployment annotations
+ deploymentAnnotations: {}
+
+ ## @param recommender.podAnnotations Additional pod annotations
+ podAnnotations: {}
+
+ ## @param recommender.podLabels Additional pod labels
+ podLabels: {}
+
+ ## @extra recommender.podSecurityContext Pod security context
+ ## @param recommender.podSecurityContext.runAsNonRoot Whether the container must run as a non-root user
+ ## @param recommender.podSecurityContext.runAsUser The UID to run the entrypoint of the container process
+ ## @param recommender.podSecurityContext.runAsGroup The GID to run the entrypoint of the container process
+ podSecurityContext:
+ # fsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+
+ ## @param recommender.priorityClassName Priority class name
+ priorityClassName:
+ # priorityClassName : high-priority
+
+ ## @param recommender.runtimeClassName Runtime class name
+ runtimeClassName: ""
+
+ ## @param recommender.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ topologySpreadConstraints: []
+
+ ## @param recommender.securityContext Container security context
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ containerPorts:
+ ## @param recommender.containerPorts.metrics Container port for Metrics
+ metrics: 8942
+
+ livenessProbe:
+ ## @param recommender.livenessProbe.enabled Enable liveness probe
+ enabled: true
+
+ ## @param recommender.livenessProbe.initialDelaySeconds Delay before the liveness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param recommender.livenessProbe.periodSeconds How often to perform the liveness probe
+ periodSeconds: 10
+
+ ## @param recommender.livenessProbe.timeoutSeconds When the liveness probe times out
+ timeoutSeconds: 1
+
+ ## @param recommender.livenessProbe.failureThreshold Minimum consecutive failures for the liveness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param recommender.livenessProbe.successThreshold Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ successThreshold: 1
+
+ readinessProbe:
+ ## @param recommender.readinessProbe.enabled Enable readiness probe
+ enabled: true
+
+ ## @param recommender.readinessProbe.initialDelaySeconds Delay before the readiness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param recommender.readinessProbe.periodSeconds How often to perform the readiness probe
+ periodSeconds: 10
+
+ ## @param recommender.readinessProbe.timeoutSeconds When the readiness probe times out
+ timeoutSeconds: 1
+
+ ## @param recommender.readinessProbe.failureThreshold Minimum consecutive failures for the readiness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param recommender.readinessProbe.successThreshold Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ successThreshold: 1
+
+ startupProbe:
+ ## @param recommender.startupProbe.enabled Enable startup probe
+ enabled: false
+
+ ## @param recommender.startupProbe.initialDelaySeconds Delay before the startup probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param recommender.startupProbe.periodSeconds How often to perform the startup probe
+ periodSeconds: 10
+
+ ## @param recommender.startupProbe.timeoutSeconds When the startup probe times out
+ timeoutSeconds: 1
+
+ ## @param recommender.startupProbe.failureThreshold Minimum consecutive failures for the startup probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param recommender.startupProbe.successThreshold Minimum consecutive successes for the startup probe to be considered successful after having failed
+ successThreshold: 1
+
+ ## @param recommender.resources CPU/Memory resource requests/limits
+ resources: {}
+ # limits:
+ # cpu: 200m
+ # memory: 1024Mi
+ # requests:
+ # cpu: 50m
+ # memory: 512Mi
+
+ ## @param recommender.nodeSelector Node labels for pod assignment
+ nodeSelector: {}
+
+ ## @param recommender.tolerations Tolerations for pod assignment
+ tolerations: []
+
+ ## @param recommender.affinity Map of node/pod affinities
+ affinity: {}
+
+ ## @extra recommender.extraArgs [object] Additional container arguments
+ ## @param recommender.extraArgs.v Number for the log level verbosity
+ extraArgs:
+ # checkpoints-gc-interval: 10m0s
+ # checkpoints-timeout: 1m0s
+ # container-name-label: name
+ # container-namespace-label: namespace
+ # container-pod-name-label: pod_name
+ # cpu-histogram-decay-half-life: 24h0m0s
+ # cpu-integer-post-processor-enabled: false
+ # external-metrics-cpu-metric: ""
+ # external-metrics-memory-metric: ""
+ # history-length: 8d
+ # history-resolution: 1h
+ # ignored-vpa-object-namespaces: ""
+ # kube-api-burst: 10
+ # kube-api-qps: 5
+ # leader-elect: false
+ # leader-elect-lease-duration: 15s
+ # leader-elect-renew-deadline: 10s
+ # leader-elect-resource-lock: leases
+ # leader-elect-resource-name: vpa-recommender
+ # leader-elect-resource-namespace: kube-system
+ # leader-elect-retry-period: 2s
+ # memory-aggregation-interval: 24h0m0s
+ # memory-aggregation-interval-count: 8
+ # memory-histogram-decay-half-life: 24h0m0s
+ # memory-saver: false
+ # metric-for-pod-labels: up{job="kubernetes-pods"}
+ # min-checkpoints: 10
+ # oom-bump-up-ratio: 1.2
+ # oom-min-bump-up-bytes: 104857600
+ # password: ""
+ # pod-label-prefix: pod_label_
+ # pod-name-label: kubernetes_pod_name
+ # pod-namespace-label: kubernetes_namespace
+ # pod-recommendation-min-cpu-millicores: 25
+ # pod-recommendation-min-memory-mb: 250
+ # prometheus-address: ""
+ # prometheus-cadvisor-job-name: kubernetes-cadvisor
+ # prometheus-query-timeout: 5m
+ # recommendation-lower-bound-cpu-percentile: 0.5
+ # recommendation-lower-bound-memory-percentile: 0.5
+ # recommendation-margin-fraction: 0.15
+ # recommendation-upper-bound-cpu-percentile: 0.95
+ # recommendation-upper-bound-memory-percentile: 0.95
+ # recommender-interval: 1m0s
+ # recommender-name: default
+ # storage: checkpoint
+ # target-cpu-percentile: 0.9
+ # target-memory-percentile: 0.9
+ # use-external-metrics: false
+ # username: ""
+ v: 2
+ # vpa-object-namespace: ""
+
+ ## @param recommender.extraEnvVars Additional container environment variables
+ extraEnvVars: []
+ # - name: MY-NAME
+ # value: "MY-VALUE"
+
+ ## @param recommender.extraEnvVarsCM Name of existing ConfigMap containing additional container environment variables
+ extraEnvVarsCM:
+
+ ## @param recommender.extraEnvVarsSecret Name of existing Secret containing additional container environment variables
+ extraEnvVarsSecret:
+
+ ## @param recommender.extraVolumes Optionally specify extra list of additional volumes
+ extraVolumes: []
+
+ ## @param recommender.extraVolumeMounts Optionally specify extra list of additional volumeMounts
+ extraVolumeMounts: []
+
+ metrics:
+ service:
+ ## @param recommender.metrics.service.annotations Metrics service annotations
+ annotations: {}
+
+ ## @param recommender.metrics.service.type Metrics service type
+ type: ClusterIP
+
+ ## @param recommender.metrics.service.clusterIP Metrics static cluster IP address or None for headless service when service type is ClusterIP
+ clusterIP:
+ # clusterIP: 10.43.0.100
+
+ ## @param recommender.metrics.service.ipFamilyPolicy Metrics service IP family policy
+ ipFamilyPolicy: ""
+
+ ## @param recommender.metrics.service.ipFamilies Metrics service IP families
+ ipFamilies: []
+
+ ports:
+ ## @param recommender.metrics.service.ports.metrics Metrics service port for Metrics
+ metrics: 8942
+
+ serviceMonitor:
+ ## @param recommender.metrics.serviceMonitor.enabled Specifies whether a service monitor should be created
+ enabled: false
+
+ ## @param recommender.metrics.serviceMonitor.namespace Namespace in which to create the service monitor
+ namespace: ""
+
+ ## @param recommender.metrics.serviceMonitor.annotations Service monitor annotations
+ annotations: {}
+
+ ## @param recommender.metrics.serviceMonitor.labels Additional service monitor labels
+ labels: {}
+
+ ## @param recommender.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ jobLabel: ""
+
+ ## @param recommender.metrics.serviceMonitor.honorLabels Whether to choose the metric’s labels on collisions with target labels
+ honorLabels: false
+
+ ## @param recommender.metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ interval: ""
+
+ ## @param recommender.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ scrapeTimeout: ""
+
+ ## @param recommender.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ metricRelabelings: []
+
+ ## @param recommender.metrics.serviceMonitor.relabelings Specify general relabeling
+ relabelings: []
+
+## @section Updater parameters
+
+updater:
+## @param updater.enabled Enable the component
+ enabled: true
+
+ ## @param updater.replicaCount Number of replicas
+ replicaCount: 1
+
+ image:
+ ## @param updater.image.registry Image registry
+ registry: registry.k8s.io
+
+ ## @param updater.image.repository Image repository
+ repository: autoscaling/vpa-updater
+
+ ## @param updater.image.tag Image tag
+ tag: 1.3.0
+
+ ## @param updater.image.digest Image digest
+ digest: ""
+
+ ## @param updater.image.pullPolicy Image pull policy
+ pullPolicy: IfNotPresent
+
+ pdb:
+ ## @param updater.pdb.create Specifies whether a pod disruption budget should be created
+ create: false
+
+ ## @param updater.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ minAvailable: 1
+
+ ## @param updater.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ maxUnavailable:
+ # maxUnavailable: 1
+
+ serviceAccount:
+ ## @param updater.serviceAccount.create Specifies whether a service account should be created
+ create: true
+
+ ## @param updater.serviceAccount.annotations Service account annotations
+ annotations: {}
+
+ ## @param updater.serviceAccount.name The name of the service account to use (Generated using the `vertical-pod-autoscaler.fullname` template if not set)
+ name:
+
+ ## @param updater.enableServiceLinks Whether information about services should be injected into pod's environment variable
+ enableServiceLinks: false
+
+ ## @param updater.hostAliases Pod host aliases
+ hostAliases: []
+
+ ## @param updater.deploymentAnnotations Additional deployment annotations
+ deploymentAnnotations: {}
+
+ ## @param updater.podAnnotations Additional pod annotations
+ podAnnotations: {}
+
+ ## @param updater.podLabels Additional pod labels
+ podLabels: {}
+
+ ## @extra updater.podSecurityContext Pod security context
+ ## @param updater.podSecurityContext.runAsNonRoot Whether the container must run as a non-root user
+ ## @param updater.podSecurityContext.runAsUser The UID to run the entrypoint of the container process
+ ## @param updater.podSecurityContext.runAsGroup The GID to run the entrypoint of the container process
+ podSecurityContext:
+ # fsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+
+ ## @param updater.priorityClassName Priority class name
+ priorityClassName:
+ # priorityClassName : high-priority
+
+ ## @param updater.runtimeClassName Runtime class name
+ runtimeClassName: ""
+
+ ## @param updater.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ topologySpreadConstraints: []
+
+ ## @param updater.securityContext Container security context
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ containerPorts:
+ ## @param updater.containerPorts.metrics Container port for Metrics
+ metrics: 8943
+
+ livenessProbe:
+ ## @param updater.livenessProbe.enabled Enable liveness probe
+ enabled: true
+
+ ## @param updater.livenessProbe.initialDelaySeconds Delay before the liveness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param updater.livenessProbe.periodSeconds How often to perform the liveness probe
+ periodSeconds: 10
+
+ ## @param updater.livenessProbe.timeoutSeconds When the liveness probe times out
+ timeoutSeconds: 1
+
+ ## @param updater.livenessProbe.failureThreshold Minimum consecutive failures for the liveness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param updater.livenessProbe.successThreshold Minimum consecutive successes for the liveness probe to be considered successful after having failed
+ successThreshold: 1
+
+ readinessProbe:
+ ## @param updater.readinessProbe.enabled Enable readiness probe
+ enabled: true
+
+ ## @param updater.readinessProbe.initialDelaySeconds Delay before the readiness probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param updater.readinessProbe.periodSeconds How often to perform the readiness probe
+ periodSeconds: 10
+
+ ## @param updater.readinessProbe.timeoutSeconds When the readiness probe times out
+ timeoutSeconds: 1
+
+ ## @param updater.readinessProbe.failureThreshold Minimum consecutive failures for the readiness probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param updater.readinessProbe.successThreshold Minimum consecutive successes for the readiness probe to be considered successful after having failed
+ successThreshold: 1
+
+ startupProbe:
+ ## @param updater.startupProbe.enabled Enable startup probe
+ enabled: false
+
+ ## @param updater.startupProbe.initialDelaySeconds Delay before the startup probe is initiated
+ initialDelaySeconds: 0
+
+ ## @param updater.startupProbe.periodSeconds How often to perform the startup probe
+ periodSeconds: 10
+
+ ## @param updater.startupProbe.timeoutSeconds When the startup probe times out
+ timeoutSeconds: 1
+
+ ## @param updater.startupProbe.failureThreshold Minimum consecutive failures for the startup probe to be considered failed after having succeeded
+ failureThreshold: 3
+
+ ## @param updater.startupProbe.successThreshold Minimum consecutive successes for the startup probe to be considered successful after having failed
+ successThreshold: 1
+
+ ## @param updater.resources CPU/Memory resource requests/limits
+ resources: {}
+ # limits:
+ # cpu: 200m
+ # memory: 1024Mi
+ # requests:
+ # cpu: 50m
+ # memory: 512Mi
+
+ ## @param updater.nodeSelector Node labels for pod assignment
+ nodeSelector: {}
+
+ ## @param updater.tolerations Tolerations for pod assignment
+ tolerations: []
+
+ ## @param updater.affinity Map of node/pod affinities
+ affinity: {}
+
+ ## @extra updater.extraArgs [object] Additional container arguments
+ ## @param updater.extraArgs.v Number for the log level verbosity
+ extraArgs:
+ # evict-after-oom-threshold: 10m0s
+ # eviction-rate-burst: 1
+ # eviction-rate-limit: -1
+ # eviction-tolerance: 0.5
+ # ignored-vpa-object-namespaces: ""
+ # in-recommendation-bounds-eviction-lifetime-threshold: 12h0m0s
+ # kube-api-burst: 10
+ # kube-api-qps: 5
+ # leader-elect: false
+ # leader-elect-lease-duration: 15s
+ # leader-elect-renew-deadline: 10s
+ # leader-elect-resource-lock: leases
+ # leader-elect-resource-name: vpa-updater
+ # leader-elect-resource-namespace: kube-system
+ # leader-elect-retry-period: 2s
+ # min-replicas: 2
+ # pod-update-threshold: 0.1
+ # updater-interval: 1m0s
+ # use-admission-controller-status: true
+ v: 2
+ # vpa-object-namespace: ""
+
+ ## @param updater.extraEnvVars Additional container environment variables
+ extraEnvVars: []
+ # - name: MY-NAME
+ # value: "MY-VALUE"
+
+ ## @param updater.extraEnvVarsCM Name of existing ConfigMap containing additional container environment variables
+ extraEnvVarsCM:
+
+ ## @param updater.extraEnvVarsSecret Name of existing Secret containing additional container environment variables
+ extraEnvVarsSecret:
+
+ ## @param updater.extraVolumes Optionally specify extra list of additional volumes
+ extraVolumes: []
+
+ ## @param updater.extraVolumeMounts Optionally specify extra list of additional volumeMounts
+ extraVolumeMounts: []
+
+ metrics:
+ service:
+ ## @param updater.metrics.service.annotations Metrics service annotations
+ annotations: {}
+
+ ## @param updater.metrics.service.type Metrics service type
+ type: ClusterIP
+
+ ## @param updater.metrics.service.clusterIP Metrics static cluster IP address or None for headless service when service type is ClusterIP
+ clusterIP:
+ # clusterIP: 10.43.0.100
+
+ ## @param updater.metrics.service.ipFamilyPolicy Metrics service IP family policy
+ ipFamilyPolicy: ""
+
+ ## @param updater.metrics.service.ipFamilies Metrics service IP families
+ ipFamilies: []
+
+ ports:
+ ## @param updater.metrics.service.ports.metrics Metrics service port for Metrics
+ metrics: 8943
+
+ serviceMonitor:
+ ## @param updater.metrics.serviceMonitor.enabled Specifies whether a service monitor should be created
+ enabled: false
+
+ ## @param updater.metrics.serviceMonitor.namespace Namespace in which to create the service monitor
+ namespace: ""
+
+ ## @param updater.metrics.serviceMonitor.annotations Service monitor annotations
+ annotations: {}
+
+ ## @param updater.metrics.serviceMonitor.labels Additional service monitor labels
+ labels: {}
+
+ ## @param updater.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ jobLabel: ""
+
+ ## @param updater.metrics.serviceMonitor.honorLabels Whether to choose the metric’s labels on collisions with target labels
+ honorLabels: false
+
+ ## @param updater.metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ interval: ""
+
+ ## @param updater.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ scrapeTimeout: ""
+
+ ## @param updater.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ metricRelabelings: []
+
+ ## @param updater.metrics.serviceMonitor.relabelings Specify general relabeling
+ relabelings: []
+
+## @section CRDs parameters
+
+crds:
+ ## @param crds.enabled Enable CRDs
+ enabled: true
+
+ image:
+ ## @param crds.image.registry Image registry
+ registry: docker.io
+
+ ## @param crds.image.repository Image repository
+ repository: bitnami/kubectl
+
+ ## @param crds.image.tag Image tag
+ tag: 1.29.3
+
+ ## @param crds.image.digest Image digest
+ digest: ""
+
+ ## @param crds.image.pullPolicy Image pull policy
+ pullPolicy: IfNotPresent
+
+ ## @param crds.podAnnotations Additional pod annotations
+ podAnnotations: {}
+
+ ## @param crds.podLabels Additional pod labels
+ podLabels: {}
+
+ ## @extra crds.podSecurityContext Pod security context
+ ## @param crds.podSecurityContext.runAsNonRoot Whether the container must run as a non-root user
+ ## @param crds.podSecurityContext.runAsUser The UID to run the entrypoint of the container process
+ ## @param crds.podSecurityContext.runAsGroup The GID to run the entrypoint of the container process
+ podSecurityContext:
+ # fsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1001
+ runAsGroup: 1001
+
+ ## @param crds.securityContext Container security context
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ ## @param crds.resources CPU/Memory resource requests/limits
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ ## @param crds.nodeSelector Node labels for pod assignment
+ nodeSelector: {}
+
+ ## @param crds.tolerations Tolerations for pod assignment
+ tolerations: []
+
+ ## @param crds.affinity Map of node/pod affinities
+ affinity: {}
+
+## @section Tests parameters
+
+tests:
+ image:
+ ## @param tests.image.registry Image registry
+ registry: ghcr.io
+
+ ## @param tests.image.repository Image repository
+ repository: cowboysysop/pytest
+
+ ## @param tests.image.tag Image tag
+ tag: 1.0.41
+
+ ## @param tests.image.digest Image digest
+ digest: ""
+
+ ## @param tests.image.pullPolicy Image pull policy
+ pullPolicy: IfNotPresent
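Review bot: `crds.securityContext` is left as `{}`, with the hardened settings (`capabilities.drop: ALL`, `readOnlyRootFilesystem: true`) present only as comments, so the container that runs the `crds.image` kubectl image gets only the pod-level `runAsNonRoot` / `runAsUser: 1001` restrictions. Consider enabling the commented values as the default, or setting them from the values that override this chart. In the same hunk, `crds.image` (`bitnami/kubectl`, tag `1.29.3`) and `tests.image` (`cowboysysop/pytest`, tag `1.0.41`) are pinned by tag only with `digest: ""`; filling in the digests would make the pulled images immutable.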
diff --git a/packages/system/vertical-pod-autoscaler/values.yaml b/packages/system/vertical-pod-autoscaler/values.yaml
new file mode 100644
index 00000000..e5ffaa66
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler/values.yaml
@@ -0,0 +1,36 @@
+vertical-pod-autoscaler:
+ updater:
+ resources:
+ limits:
+ memory: 1100Mi
+ requests:
+ cpu: 200m
+ memory: 1100Mi
+
+ recommender:
+ extraArgs:
+ container-name-label: container
+ container-namespace-label: namespace
+ container-pod-name-label: pod
+ storage: prometheus
+ memory-saver: true
+ pod-label-prefix: label_
+ metric-for-pod-labels: kube_pod_labels{job="kube-state-metrics"}[8d]
+ pod-name-label: pod
+ pod-namespace-label: namespace
+ prometheus-address: http://vmselect-shortterm.tenant-root.svc.cozy.local:8481/select/0/prometheus/
+ prometheus-cadvisor-job-name: cadvisor
+ resources:
+ limits:
+ memory: 1600Mi
+ requests:
+ cpu: 100m
+ memory: 1600Mi
+
+ admissionController:
+ resources:
+ limits:
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 50Mi
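Review bot: `prometheus-address` under `recommender.extraArgs` hardcodes `http://vmselect-shortterm.tenant-root.svc.cozy.local:8481/select/0/prometheus/`, which ties the recommender to the `cozy.local` cluster domain and the `tenant-root` namespace and queries the metrics backend over plain HTTP. Suggest using the domain-independent form `vmselect-shortterm.tenant-root.svc` or templating the domain from configuration, and adding a comment that the recommender depends on that service being deployed. Separately, `admissionController` requests `50Mi` of memory against a `256Mi` limit, while `updater` and `recommender` set requests equal to limits; if the difference is intentional, a short comment would help.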
diff --git a/pkg/apis/apps/fuzzer/fuzzer.go b/pkg/apis/apps/fuzzer/fuzzer.go
index 428e5244..fd744ed6 100644
--- a/pkg/apis/apps/fuzzer/fuzzer.go
+++ b/pkg/apis/apps/fuzzer/fuzzer.go
@@ -17,7 +17,7 @@ limitations under the License.
package fuzzer
import (
- "github.com/aenix-io/cozystack/pkg/apis/apps"
+ "github.com/cozystack/cozystack/pkg/apis/apps"
fuzz "github.com/google/gofuzz"
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
diff --git a/pkg/apis/apps/install/install.go b/pkg/apis/apps/install/install.go
index f51b3685..0b4142d4 100644
--- a/pkg/apis/apps/install/install.go
+++ b/pkg/apis/apps/install/install.go
@@ -17,7 +17,7 @@ limitations under the License.
package install
import (
- appsv1alpha1 "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
+ appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
)
diff --git a/pkg/apis/apps/install/roundtrip_test.go b/pkg/apis/apps/install/roundtrip_test.go
index 2393d6fe..eb7f4c6f 100644
--- a/pkg/apis/apps/install/roundtrip_test.go
+++ b/pkg/apis/apps/install/roundtrip_test.go
@@ -19,7 +19,7 @@ package install
import (
"testing"
- appsfuzzer "github.com/aenix-io/cozystack/pkg/apis/apps/fuzzer"
+ appsfuzzer "github.com/cozystack/cozystack/pkg/apis/apps/fuzzer"
"k8s.io/apimachinery/pkg/api/apitesting/roundtrip"
)
diff --git a/pkg/apis/apps/v1alpha1/doc.go b/pkg/apis/apps/v1alpha1/doc.go
index b4652358..d162bb08 100644
--- a/pkg/apis/apps/v1alpha1/doc.go
+++ b/pkg/apis/apps/v1alpha1/doc.go
@@ -16,10 +16,10 @@ limitations under the License.
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=github.com/aenix-io/cozystack/pkg/apis/apps
+// +k8s:conversion-gen=github.com/cozystack/cozystack/pkg/apis/apps
// +k8s:conversion-gen=k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
// +k8s:defaulter-gen=TypeMeta
// +groupName=apps.cozystack.io
// Package v1alpha1 is the v1alpha1 version of the API.
-package v1alpha1 // import "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
+package v1alpha1 // import "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
diff --git a/pkg/apis/apps/v1alpha1/register.go b/pkg/apis/apps/v1alpha1/register.go
index 362b6026..a1b2586f 100644
--- a/pkg/apis/apps/v1alpha1/register.go
+++ b/pkg/apis/apps/v1alpha1/register.go
@@ -17,7 +17,7 @@ limitations under the License.
package v1alpha1
import (
- "github.com/aenix-io/cozystack/pkg/config"
+ "github.com/cozystack/cozystack/pkg/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
diff --git a/pkg/apis/apps/validation/validation.go b/pkg/apis/apps/validation/validation.go
index 01d53689..84c20c54 100644
--- a/pkg/apis/apps/validation/validation.go
+++ b/pkg/apis/apps/validation/validation.go
@@ -17,7 +17,7 @@ limitations under the License.
package validation
import (
- "github.com/aenix-io/cozystack/pkg/apis/apps"
+ "github.com/cozystack/cozystack/pkg/apis/apps"
"k8s.io/apimachinery/pkg/util/validation/field"
)
diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
index de23e4cc..4e54d867 100644
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@@ -29,11 +29,11 @@ import (
"k8s.io/client-go/dynamic"
restclient "k8s.io/client-go/rest"
- "github.com/aenix-io/cozystack/pkg/apis/apps"
- "github.com/aenix-io/cozystack/pkg/apis/apps/install"
- "github.com/aenix-io/cozystack/pkg/config"
- appsregistry "github.com/aenix-io/cozystack/pkg/registry"
- applicationstorage "github.com/aenix-io/cozystack/pkg/registry/apps/application"
+ "github.com/cozystack/cozystack/pkg/apis/apps"
+ "github.com/cozystack/cozystack/pkg/apis/apps/install"
+ "github.com/cozystack/cozystack/pkg/config"
+ appsregistry "github.com/cozystack/cozystack/pkg/registry"
+ applicationstorage "github.com/cozystack/cozystack/pkg/registry/apps/application"
)
var (
diff --git a/pkg/apiserver/scheme_test.go b/pkg/apiserver/scheme_test.go
index 98dd1386..e00a1d62 100644
--- a/pkg/apiserver/scheme_test.go
+++ b/pkg/apiserver/scheme_test.go
@@ -19,7 +19,7 @@ package apiserver
import (
"testing"
- appsfuzzer "github.com/aenix-io/cozystack/pkg/apis/apps/fuzzer"
+ appsfuzzer "github.com/cozystack/cozystack/pkg/apis/apps/fuzzer"
"k8s.io/apimachinery/pkg/api/apitesting/roundtrip"
)
diff --git a/pkg/cmd/server/start.go b/pkg/cmd/server/start.go
index f36f2133..fd138c79 100644
--- a/pkg/cmd/server/start.go
+++ b/pkg/cmd/server/start.go
@@ -23,10 +23,10 @@ import (
"io"
"net"
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
- "github.com/aenix-io/cozystack/pkg/apiserver"
- "github.com/aenix-io/cozystack/pkg/config"
- sampleopenapi "github.com/aenix-io/cozystack/pkg/generated/openapi"
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
+ "github.com/cozystack/cozystack/pkg/apiserver"
+ "github.com/cozystack/cozystack/pkg/config"
+ sampleopenapi "github.com/cozystack/cozystack/pkg/generated/openapi"
"github.com/spf13/cobra"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -202,12 +202,12 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
defs := swagger.Definitions
// Verify the presence of the base Application/ApplicationList definitions
- appDef, exists := defs["com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.Application"]
+ appDef, exists := defs["com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.Application"]
if !exists {
return swagger, fmt.Errorf("Application definition not found")
}
- listDef, exists := defs["com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList"]
+ listDef, exists := defs["com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.ApplicationList"]
if !exists {
return swagger, fmt.Errorf("ApplicationList definition not found")
}
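Review bot: the definition-key prefix `com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.` is spelled out as a string literal in both `defs[...]` lookups here, and again in the `fmt.Sprintf` and `delete(defs, ...)` calls in the following hunks, so any rename has to catch every copy or the lookup fails at runtime with "Application definition not found". Suggest one package-level constant for the prefix and building all keys from it. Also, these two error paths `return swagger, fmt.Errorf(...)` while the later ones in the same function return `nil` with the error; returning `nil` here too would be consistent.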
@@ -215,8 +215,8 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
// Iterate over all registered GVKs (e.g., Bucket, Database, etc.)
for _, gvk := range v1alpha1.RegisteredGVKs {
// This will be something like:
- // "com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.Bucket"
- resourceName := fmt.Sprintf("com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.%s", gvk.Kind)
+ // "com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.Bucket"
+ resourceName := fmt.Sprintf("com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.%s", gvk.Kind)
// 1. Create a copy of the base Application definition for the new resource
newDef, err := DeepCopySchema(&appDef)
@@ -242,7 +242,7 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
// 4. Now handle the corresponding List type (e.g., BucketList).
// We'll start by copying the ApplicationList definition.
- listResourceName := fmt.Sprintf("com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.%sList", gvk.Kind)
+ listResourceName := fmt.Sprintf("com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.%sList", gvk.Kind)
newListDef, err := DeepCopySchema(&listDef)
if err != nil {
return nil, fmt.Errorf("failed to deepcopy schema for %sList: %w", gvk.Kind, err)
@@ -275,8 +275,8 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
}
// Remove the original Application/ApplicationList from the definitions
- delete(defs, "com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.Application")
- delete(defs, "com.github.aenix-io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList")
+ delete(defs, "com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.Application")
+ delete(defs, "com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.ApplicationList")
swagger.Definitions = defs
return swagger, nil
diff --git a/pkg/generated/applyconfiguration/apps/v1alpha1/application.go b/pkg/generated/applyconfiguration/apps/v1alpha1/application.go
index 90eb7cd8..908e28fd 100644
--- a/pkg/generated/applyconfiguration/apps/v1alpha1/application.go
+++ b/pkg/generated/applyconfiguration/apps/v1alpha1/application.go
@@ -22,7 +22,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
- appsv1alpha1 "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
+ appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
)
// ApplicationApplyConfiguration represents a declarative configuration of the Application type for use
diff --git a/pkg/generated/applyconfiguration/utils.go b/pkg/generated/applyconfiguration/utils.go
index 356c5854..a27b3d20 100644
--- a/pkg/generated/applyconfiguration/utils.go
+++ b/pkg/generated/applyconfiguration/utils.go
@@ -22,9 +22,9 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
testing "k8s.io/client-go/testing"
- v1alpha1 "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
- internal "github.com/aenix-io/cozystack/pkg/generated/applyconfiguration/internal"
- appsv1alpha1 "github.com/aenix-io/cozystack/pkg/generated/applyconfiguration/apps/v1alpha1"
+ v1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
+ internal "github.com/cozystack/cozystack/pkg/generated/applyconfiguration/internal"
+ appsv1alpha1 "github.com/cozystack/cozystack/pkg/generated/applyconfiguration/apps/v1alpha1"
)
// ForKind returns an apply configuration type for the given GroupVersionKind, or nil if no
diff --git a/pkg/generated/listers/apps/v1alpha1/application.go b/pkg/generated/listers/apps/v1alpha1/application.go
index 2ab3c8e6..5bee71b4 100644
--- a/pkg/generated/listers/apps/v1alpha1/application.go
+++ b/pkg/generated/listers/apps/v1alpha1/application.go
@@ -22,7 +22,7 @@ import (
labels "k8s.io/apimachinery/pkg/labels"
listers "k8s.io/client-go/listers"
cache "k8s.io/client-go/tools/cache"
- appsv1alpha1 "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
+ appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
)
// ApplicationLister helps list Applications.
diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go
index da8f8d15..2df4a3bd 100644
--- a/pkg/generated/openapi/zz_generated.openapi.go
+++ b/pkg/generated/openapi/zz_generated.openapi.go
@@ -30,9 +30,9 @@ import (
func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
return map[string]common.OpenAPIDefinition{
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.Application": schema_pkg_apis_apps_v1alpha1_Application(ref),
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.ApplicationList": schema_pkg_apis_apps_v1alpha1_ApplicationList(ref),
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus": schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref),
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application": schema_pkg_apis_apps_v1alpha1_Application(ref),
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationList": schema_pkg_apis_apps_v1alpha1_ApplicationList(ref),
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus": schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref),
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionRequest": schema_pkg_apis_apiextensions_v1_ConversionRequest(ref),
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionResponse": schema_pkg_apis_apiextensions_v1_ConversionResponse(ref),
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionReview": schema_pkg_apis_apiextensions_v1_ConversionReview(ref),
@@ -157,14 +157,14 @@ func schema_pkg_apis_apps_v1alpha1_Application(ref common.ReferenceCallback) com
"status": {
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
- Ref: ref("github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus"),
+ Ref: ref("github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus"),
},
},
},
},
},
Dependencies: []string{
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}
@@ -202,7 +202,7 @@ func schema_pkg_apis_apps_v1alpha1_ApplicationList(ref common.ReferenceCallback)
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
- Ref: ref("github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.Application"),
+ Ref: ref("github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application"),
},
},
},
@@ -213,7 +213,7 @@ func schema_pkg_apis_apps_v1alpha1_ApplicationList(ref common.ReferenceCallback)
},
},
Dependencies: []string{
- "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1.Application", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
+ "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
}
}
diff --git a/pkg/registry/apps/application/rest.go b/pkg/registry/apps/application/rest.go
index 4b0028fd..9a3eb32d 100644
--- a/pkg/registry/apps/application/rest.go
+++ b/pkg/registry/apps/application/rest.go
@@ -39,8 +39,8 @@ import (
"k8s.io/client-go/dynamic"
"k8s.io/klog/v2"
- appsv1alpha1 "github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1"
- "github.com/aenix-io/cozystack/pkg/config"
+ appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
+ "github.com/cozystack/cozystack/pkg/config"
// Importing API errors package to construct appropriate error responses
apierrors "k8s.io/apimachinery/pkg/api/errors"
diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
index 3aa163ab..5131f71d 100644
--- a/pkg/registry/registry.go
+++ b/pkg/registry/registry.go
@@ -17,7 +17,7 @@ limitations under the License.
package registry
import (
- "github.com/aenix-io/cozystack/pkg/registry/apps/application"
+ "github.com/cozystack/cozystack/pkg/registry/apps/application"
"k8s.io/apimachinery/pkg/runtime/schema"
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
"k8s.io/apiserver/pkg/registry/rest"
diff --git a/scripts/installer.sh b/scripts/installer.sh
index 4ec4e507..656b7bd1 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
@@ -3,7 +3,7 @@ set -o pipefail
set -e
BUNDLE=$(set -x; kubectl get configmap -n cozy-system cozystack -o 'go-template={{index .data "bundle-name"}}')
-VERSION=9
+VERSION=10
run_migrations() {
if ! kubectl get configmap -n cozy-system cozystack-version; then
diff --git a/scripts/migrations/8 b/scripts/migrations/8
index bdff30cf..c7d7350c 100755
--- a/scripts/migrations/8
+++ b/scripts/migrations/8
@@ -1,5 +1,5 @@
#!/bin/sh
-# Migration 7 --> 9
+# Migration 8 --> 9
if kubectl get clusterrolebinding kubeapps-admin-group; then
kubectl delete clusterrolebinding kubeapps-admin-group
diff --git a/scripts/migrations/9 b/scripts/migrations/9
new file mode 100755
index 00000000..cf6643af
--- /dev/null
+++ b/scripts/migrations/9
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Migration 9 --> 10
+
+# Upgrade kubernetes.apps to new chart version
+kubectl get kuberneteses.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do
+ kubectl patch kuberneteses.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"0.15.1"}'
+done
+
+# Write version to cozystack-version config
+kubectl create configmap -n cozy-system cozystack-version --from-literal=version=10 --dry-run=client -o yaml | kubectl apply -f-
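Review bot: the `kubectl get ... | while read NAMESPACE NAME` loop has no error handling. The script has no `set -e`, never checks the exit status of `kubectl get` or `kubectl patch`, and under `#!/bin/sh` the pipeline's status is that of the `while` loop, so a failed list or a failed patch still falls through to the final command and records `version=10` as if the migration had succeeded. Suggest `set -eu`, capturing the resource list before looping so a failed `kubectl get` aborts the script, exiting non-zero on the first patch error, and using `read -r`. The hardcoded `"appVersion":"0.15.1"` would also benefit from a comment naming the chart release it is meant to match.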
diff --git a/scripts/package.mk b/scripts/package.mk
index ad1813e8..ca537213 100644
--- a/scripts/package.mk
+++ b/scripts/package.mk
@@ -15,7 +15,7 @@ apply: check suspend ## Apply Helm release to a Kubernetes cluster
diff: check ## Diff Helm release against objects in a Kubernetes cluster
kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | NAMESPACE=$(NAMESPACE) NAME=$(NAME) \
- helm diff upgrade --show-secrets --allow-unreleased --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . $(.VALUES_FILES)
+ helm diff upgrade --dry-run=server --show-secrets --allow-unreleased --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . $(.VALUES_FILES)
suspend: check ## Suspend reconciliation for an existing Helm release
kubectl patch hr -n $(NAMESPACE) $(NAME) -p '{"spec": {"suspend": true}}' --type=merge --field-manager=flux-client-side-apply
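Review bot: `--dry-run=server` on the `helm diff upgrade` line depends on a helm-diff plugin release that accepts this flag, and nothing in the visible change checks or documents a minimum plugin version, so `make diff` will fail on older plugin installs. Suggest stating the required helm-diff version next to the `diff` target or in the contributor docs. Since the same line passes `--show-secrets`, a comment that the output contains unredacted Secret values and should stay out of logged CI output would be worth adding.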