From 9839846f0667fe3173fcd624d8911c35c08f11d8 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:08:08 -0400 Subject: [PATCH 01/12] Remove /contrib/application Signed-off-by: Anna Jung (VMware) --- contrib/application/README.md | 7 - .../application-crds/base/crd.yaml | 233 ------------------ .../application-crds/base/kustomization.yaml | 4 - .../base/cluster-role-binding.yaml | 11 - .../application/base/cluster-role.yaml | 21 -- .../application/base/kustomization.yaml | 30 --- .../application/application/base/params.env | 1 - .../application/application/base/params.yaml | 3 - .../application/base/service-account.yaml | 4 - .../application/application/base/service.yaml | 7 - .../application/base/stateful-set.yaml | 29 --- .../overlays/application/application.yaml | 34 --- .../overlays/application/kustomization.yaml | 9 - .../overlays/debug/kustomization.yaml | 10 - .../overlays/debug/stateful-set.yaml | 25 -- contrib/application/v3/kustomization.yaml | 25 -- 16 files changed, 453 deletions(-) delete mode 100644 contrib/application/README.md delete mode 100644 contrib/application/application-crds/base/crd.yaml delete mode 100644 contrib/application/application-crds/base/kustomization.yaml delete mode 100644 contrib/application/application/base/cluster-role-binding.yaml delete mode 100644 contrib/application/application/base/cluster-role.yaml delete mode 100644 contrib/application/application/base/kustomization.yaml delete mode 100644 contrib/application/application/base/params.env delete mode 100644 contrib/application/application/base/params.yaml delete mode 100644 contrib/application/application/base/service-account.yaml delete mode 100644 contrib/application/application/base/service.yaml delete mode 100644 contrib/application/application/base/stateful-set.yaml delete mode 100644 contrib/application/application/overlays/application/application.yaml delete mode 100644 contrib/application/application/overlays/application/kustomization.yaml delete mode 100644 contrib/application/application/overlays/debug/kustomization.yaml delete mode 100644 contrib/application/application/overlays/debug/stateful-set.yaml delete mode 100644 contrib/application/v3/kustomization.yaml diff --git a/contrib/application/README.md b/contrib/application/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/application/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/application/application-crds/base/crd.yaml b/contrib/application/application-crds/base/crd.yaml deleted file mode 100644 index bd5a7b2938..0000000000 --- a/contrib/application/application-crds/base/crd.yaml +++ /dev/null @@ -1,233 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: applications.app.k8s.io -spec: - group: app.k8s.io - names: - kind: Application - plural: applications - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - addOwnerRef: - type: boolean - assemblyPhase: - type: string - componentKinds: - items: - type: object - type: array - descriptor: - properties: - description: - type: string - icons: - items: - properties: - size: - type: string - src: - type: string - type: - type: string - required: - - src - type: object - type: array - keywords: - items: - type: string - type: array - links: - items: - properties: - description: - type: string - url: - type: string - type: object - type: array - maintainers: - items: - properties: - email: - type: string - name: - type: string - url: - type: string - type: object - type: array - notes: - type: string - owners: - items: - properties: - email: - type: string - name: - type: string - url: - type: string - type: object - type: array - type: - type: string - version: - type: string - type: object - info: - items: - properties: - name: - type: string - type: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - ingressRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - host: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - path: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - secretKeyRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - serviceRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - path: - type: string - port: - format: int32 - type: integer - resourceVersion: - type: string - uid: - type: string - type: object - type: - type: string - type: object - type: object - type: array - selector: - type: object - type: object - status: - properties: - components: - items: - properties: - group: - type: string - kind: - type: string - link: - type: string - name: - type: string - status: - type: string - type: object - type: array - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - observedGeneration: - format: int64 - type: integer - type: object - version: v1beta1 diff --git a/contrib/application/application-crds/base/kustomization.yaml b/contrib/application/application-crds/base/kustomization.yaml deleted file mode 100644 index 6e120e7b63..0000000000 --- a/contrib/application/application-crds/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- crd.yaml diff --git a/contrib/application/application/base/cluster-role-binding.yaml b/contrib/application/application/base/cluster-role-binding.yaml deleted file mode 100644 index f7fe51dff5..0000000000 --- a/contrib/application/application/base/cluster-role-binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cluster-role-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-role -subjects: -- kind: ServiceAccount - name: service-account diff --git a/contrib/application/application/base/cluster-role.yaml b/contrib/application/application/base/cluster-role.yaml deleted file mode 100644 index 169fc3bb6d..0000000000 --- a/contrib/application/application/base/cluster-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cluster-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - app.k8s.io - resources: - - '*' - verbs: - - '*' diff --git a/contrib/application/application/base/kustomization.yaml b/contrib/application/application/base/kustomization.yaml deleted file mode 100644 index 7cb68a1499..0000000000 --- a/contrib/application/application/base/kustomization.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cluster-role.yaml -- cluster-role-binding.yaml -- service-account.yaml -- service.yaml -- stateful-set.yaml -namespace: kubeflow -nameprefix: application-controller- -configMapGenerator: -- name: parameters - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true -images: -- name: gcr.io/kubeflow-images-public/kubernetes-sigs/application - newName: gcr.io/kubeflow-images-public/kubernetes-sigs/application - newTag: 1.0-beta -vars: -- name: project - objref: - kind: ConfigMap - name: parameters - apiVersion: v1 - fieldref: - fieldpath: data.project -configurations: -- params.yaml diff --git a/contrib/application/application/base/params.env b/contrib/application/application/base/params.env deleted file mode 100644 index 8a76300feb..0000000000 --- a/contrib/application/application/base/params.env +++ /dev/null @@ -1 +0,0 @@ -project= diff --git a/contrib/application/application/base/params.yaml b/contrib/application/application/base/params.yaml deleted file mode 100644 index e544ce9bde..0000000000 --- a/contrib/application/application/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/template/spec/containers/image - kind: StatefulSet diff --git a/contrib/application/application/base/service-account.yaml b/contrib/application/application/base/service-account.yaml deleted file mode 100644 index a36cbd800f..0000000000 --- a/contrib/application/application/base/service-account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: service-account diff --git a/contrib/application/application/base/service.yaml b/contrib/application/application/base/service.yaml deleted file mode 100644 index c7368f9703..0000000000 --- a/contrib/application/application/base/service.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: service -spec: - ports: - - port: 443 diff --git a/contrib/application/application/base/stateful-set.yaml b/contrib/application/application/base/stateful-set.yaml deleted file mode 100644 index 11e52d8500..0000000000 --- a/contrib/application/application/base/stateful-set.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: stateful-set -spec: - serviceName: service - selector: - matchLabels: - app: application-controller - template: - metadata: - labels: - app: application-controller - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - name: manager - command: - - /root/manager - image: gcr.io/kubeflow-images-public/kubernetes-sigs/application - imagePullPolicy: Always - env: - # TODO(https://github.com/kubeflow/manifests/issues/1043) - # Do we really need this? - - name: project - value: $(project) - serviceAccountName: service-account - volumeClaimTemplates: [] diff --git a/contrib/application/application/overlays/application/application.yaml b/contrib/application/application/overlays/application/application.yaml deleted file mode 100644 index 8824962857..0000000000 --- a/contrib/application/application/overlays/application/application.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: kubeflow -spec: - selector: - matchLabels: - app.kubernetes.io/name: kubeflow - app.kubernetes.io/instance: kubeflow-v0.7.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: kubeflow - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.7.0 - componentKinds: - - group: app.k8s.io - kind: Application - descriptor: - type: kubeflow - version: v1beta1 - description: application that aggregates all kubeflow applications - maintainers: - - name: Jeremy Lewi - email: jlewi@google.com - - name: Kam Kasravi - email: kam.d.kasravi@intel.com - owners: - - name: Jeremy Lewi - email: jlewi@google.com - keywords: - - kubeflow - links: - - description: About - url: "https://kubeflow.org" - addOwnerRef: true diff --git a/contrib/application/application/overlays/application/kustomization.yaml b/contrib/application/application/overlays/application/kustomization.yaml deleted file mode 100644 index fcba25a239..0000000000 --- a/contrib/application/application/overlays/application/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app.kubernetes.io/component: kubeflow - app.kubernetes.io/name: kubeflow -kind: Kustomization -resources: -- application.yaml diff --git a/contrib/application/application/overlays/debug/kustomization.yaml b/contrib/application/application/overlays/debug/kustomization.yaml deleted file mode 100644 index 93fb76babc..0000000000 --- a/contrib/application/application/overlays/debug/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -patchesStrategicMerge: -- stateful-set.yaml -images: -- name: gcr.io/$(project)/application-controller - newName: gcr.io/$(project)/application-controller - newTag: latest diff --git a/contrib/application/application/overlays/debug/stateful-set.yaml b/contrib/application/application/overlays/debug/stateful-set.yaml deleted file mode 100644 index 9408dee619..0000000000 --- a/contrib/application/application/overlays/debug/stateful-set.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: stateful-set -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - name: manager - image: gcr.io/$(project)/application-controller:latest - command: - - /go/bin/dlv - args: - - --listen=:2345 - - --headless=true - - --api-version=2 - - exec - - /go/src/github.com/kubernetes-sigs/application/manager - ports: - - containerPort: 2345 - securityContext: - privileged: true diff --git a/contrib/application/v3/kustomization.yaml b/contrib/application/v3/kustomization.yaml deleted file mode 100644 index 1178d2b180..0000000000 --- a/contrib/application/v3/kustomization.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This kustomize package contains a complete install -# of the application CR and controller for use with -# http://bit.ly/kf_kustomize_v3 -# TODO(jlewi): Once we migrate fully to stacks we might want -# to refactor and cleanup the manifests. -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -nameprefix: application-controller- -commonLabels: - app.kubernetes.io/component: kubeflow - app.kubernetes.io/name: kubeflow -resources: -- ../application-crds/base -- ../application/base/cluster-role.yaml -- ../application/base/cluster-role-binding.yaml -- ../application/base/service-account.yaml -- ../application/base/service.yaml -- ../application/base/stateful-set.yaml -- ../application/overlays/application/application.yaml -images: -- name: gcr.io/kubeflow-images-public/kubernetes-sigs/application - newName: gcr.io/kubeflow-images-public/kubernetes-sigs/application - newTag: 1.0-beta - From df72cfcd41a372e47f9a74f0bb9be3e89b2b0633 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:08:54 -0400 Subject: [PATCH 02/12] Remove /contrib/basic-auth Signed-off-by: Anna Jung (VMware) --- contrib/basic-auth/README.md | 7 --- .../base/gatekeeper-deployment.yaml | 40 ---------------- .../basic-auth/base/gatekeeper-service.yaml | 22 --------- .../basic-auth/base/kflogin-deployment.yaml | 23 --------- contrib/basic-auth/base/kflogin-service.yaml | 24 ---------- contrib/basic-auth/base/kustomization.yaml | 47 ------------------- contrib/basic-auth/base/params.env | 2 - contrib/basic-auth/base/params.yaml | 5 -- .../istio/kflogin-virtual-service.yaml | 20 -------- .../overlays/istio/kustomization.yaml | 8 ---- contrib/basic-auth/overlays/istio/params.yaml | 3 -- 11 files changed, 201 deletions(-) delete mode 100644 contrib/basic-auth/README.md delete mode 100644 contrib/basic-auth/base/gatekeeper-deployment.yaml delete mode 100644 contrib/basic-auth/base/gatekeeper-service.yaml delete mode 100644 contrib/basic-auth/base/kflogin-deployment.yaml delete mode 100644 contrib/basic-auth/base/kflogin-service.yaml delete mode 100644 contrib/basic-auth/base/kustomization.yaml delete mode 100644 contrib/basic-auth/base/params.env delete mode 100644 contrib/basic-auth/base/params.yaml delete mode 100644 contrib/basic-auth/overlays/istio/kflogin-virtual-service.yaml delete mode 100644 contrib/basic-auth/overlays/istio/kustomization.yaml delete mode 100644 contrib/basic-auth/overlays/istio/params.yaml diff --git a/contrib/basic-auth/README.md b/contrib/basic-auth/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/basic-auth/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/basic-auth/base/gatekeeper-deployment.yaml b/contrib/basic-auth/base/gatekeeper-deployment.yaml deleted file mode 100644 index d422f365f7..0000000000 --- a/contrib/basic-auth/base/gatekeeper-deployment.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: basic-auth -spec: - selector: - matchLabels: - app: basic-auth - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: basic-auth - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - name: app - args: - - --username=$(USERNAME) - - --pwhash=$(PASSWORDHASH) - command: - - /opt/kubeflow/gatekeeper - env: - - name: USERNAME - valueFrom: - secretKeyRef: - key: username - name: $(authSecretName) - - name: PASSWORDHASH - valueFrom: - secretKeyRef: - key: passwordhash - name: $(authSecretName) - image: gcr.io/kubeflow-images-public/gatekeeper:v0.5.0 - ports: - - containerPort: 8085 - workingDir: /opt/kubeflow diff --git a/contrib/basic-auth/base/gatekeeper-service.yaml b/contrib/basic-auth/base/gatekeeper-service.yaml deleted file mode 100644 index acd600a325..0000000000 --- a/contrib/basic-auth/base/gatekeeper-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - getambassador.io/config: |- - --- - apiVersion: ambassador/v0 - kind: AuthService - name: basic-auth - auth_service: basic-auth.$(service-namespace):8085 - allowed_headers: - - "x-from-login" - labels: - app: basic-auth - name: basic-auth -spec: - ports: - - port: 8085 - targetPort: 8085 - selector: - app: basic-auth - type: ClusterIP diff --git a/contrib/basic-auth/base/kflogin-deployment.yaml b/contrib/basic-auth/base/kflogin-deployment.yaml deleted file mode 100644 index f547259b68..0000000000 --- a/contrib/basic-auth/base/kflogin-deployment.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: basic-auth-login -spec: - selector: - matchLabels: - app: basic-auth-login - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: basic-auth-login - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - name: app - image: gcr.io/kubeflow-images-public/kflogin-ui:v0.5.0 - ports: - - containerPort: 5000 diff --git a/contrib/basic-auth/base/kflogin-service.yaml b/contrib/basic-auth/base/kflogin-service.yaml deleted file mode 100644 index cf59ffae4d..0000000000 --- a/contrib/basic-auth/base/kflogin-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - getambassador.io/config: |- - --- - apiVersion: ambassador/v0 - kind: Mapping - name: kflogin-mapping - prefix: /kflogin - rewrite: /kflogin - timeout_ms: 300000 - service: basic-auth-login.$(service-namespace) - use_websocket: true - labels: - app: basic-auth-login - name: basic-auth-login -spec: - ports: - - port: 80 - targetPort: 5000 - selector: - app: basic-auth-login - type: ClusterIP diff --git a/contrib/basic-auth/base/kustomization.yaml b/contrib/basic-auth/base/kustomization.yaml deleted file mode 100644 index dab025bebf..0000000000 --- a/contrib/basic-auth/base/kustomization.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- kflogin-deployment.yaml -- gatekeeper-deployment.yaml -- gatekeeper-service.yaml -- kflogin-service.yaml -commonLabels: - kustomize.component: basic-auth -namespace: kubeflow -images: -- name: gcr.io/kubeflow-images-public/kflogin-ui - newName: gcr.io/kubeflow-images-public/kflogin-ui - newTag: v0.5.0 -- name: gcr.io/kubeflow-images-public/gatekeeper - newName: gcr.io/kubeflow-images-public/gatekeeper - newTag: v0.5.0 -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- name: basic-auth-parameters - envs: - - params.env -vars: -- name: service-namespace - objref: - kind: Service - name: basic-auth-login - apiVersion: v1 - fieldref: - fieldpath: metadata.namespace -- name: authSecretName - objref: - kind: ConfigMap - name: basic-auth-parameters - apiVersion: v1 - fieldref: - fieldpath: data.authSecretName -- name: clusterDomain - objref: - kind: ConfigMap - name: basic-auth-parameters - apiVersion: v1 - fieldref: - fieldpath: data.clusterDomain -configurations: -- params.yaml diff --git a/contrib/basic-auth/base/params.env b/contrib/basic-auth/base/params.env deleted file mode 100644 index a01fe6f0c5..0000000000 --- a/contrib/basic-auth/base/params.env +++ /dev/null @@ -1,2 +0,0 @@ -authSecretName=kubeflow-login -clusterDomain=cluster.local diff --git a/contrib/basic-auth/base/params.yaml b/contrib/basic-auth/base/params.yaml deleted file mode 100644 index d6729bedaf..0000000000 --- a/contrib/basic-auth/base/params.yaml +++ /dev/null @@ -1,5 +0,0 @@ -varReference: -- path: metadata/annotations/getambassador.io\/config - kind: Service -- path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name - kind: Deployment diff --git a/contrib/basic-auth/overlays/istio/kflogin-virtual-service.yaml b/contrib/basic-auth/overlays/istio/kflogin-virtual-service.yaml deleted file mode 100644 index 392ac791e1..0000000000 --- a/contrib/basic-auth/overlays/istio/kflogin-virtual-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: basic-auth-login -spec: - gateways: - - kubeflow-gateway - hosts: - - '*' - http: - - match: - - uri: - prefix: /kflogin - rewrite: - uri: /kflogin - route: - - destination: - host: basic-auth-login.$(service-namespace).svc.$(clusterDomain) - port: - number: 8085 diff --git a/contrib/basic-auth/overlays/istio/kustomization.yaml b/contrib/basic-auth/overlays/istio/kustomization.yaml deleted file mode 100644 index 47457d0154..0000000000 --- a/contrib/basic-auth/overlays/istio/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -resources: -- kflogin-virtual-service.yaml -configurations: -- params.yaml diff --git a/contrib/basic-auth/overlays/istio/params.yaml b/contrib/basic-auth/overlays/istio/params.yaml deleted file mode 100644 index eea869e0d4..0000000000 --- a/contrib/basic-auth/overlays/istio/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/http/route/destination/host - kind: VirtualService From 1cafef32777fab42b76bb32dc1a9159386ff5fad Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:09:13 -0400 Subject: [PATCH 03/12] Remove /contrib/dex-auth Signed-off-by: Anna Jung (VMware) --- contrib/dex-auth/OWNERS | 3 - contrib/dex-auth/README.md | 177 ------------------ .../dex-authenticator/base/config-map.yaml | 93 --------- .../dex-authenticator/base/deployment.yaml | 57 ------ .../dex-authenticator/base/kustomization.yaml | 68 ------- .../dex-authenticator/base/namespace.yaml | 4 - .../dex-authenticator/base/params.env | 9 - .../dex-authenticator/base/params.yaml | 3 - .../dex-authenticator/base/service.yaml | 16 -- .../base_v3/kustomization.yaml | 68 ------- .../dex-auth/dex-ldap/base/deployment.yaml | 31 --- .../dex-auth/dex-ldap/base/kustomization.yaml | 15 -- contrib/dex-auth/dex-ldap/base/namespace.yaml | 4 - contrib/dex-auth/dex-ldap/base/service.yaml | 31 --- .../keycloak-gatekeeper/base/config-map.yaml | 70 ------- .../keycloak-gatekeeper/base/deployment.yaml | 61 ------ .../base/kustomization.yaml | 74 -------- .../keycloak-gatekeeper/base/namespace.yaml | 4 - .../keycloak-gatekeeper/base/params.env | 7 - .../keycloak-gatekeeper/base/params.yaml | 3 - .../keycloak-gatekeeper/base/service.yaml | 15 -- .../base/virtualservice.yaml | 21 --- .../base_v3/kustomization.yaml | 71 ------- 23 files changed, 905 deletions(-) delete mode 100644 contrib/dex-auth/OWNERS delete mode 100644 contrib/dex-auth/README.md delete mode 100644 contrib/dex-auth/dex-authenticator/base/config-map.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base/deployment.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base/kustomization.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base/namespace.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base/params.env delete mode 100644 contrib/dex-auth/dex-authenticator/base/params.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base/service.yaml delete mode 100644 contrib/dex-auth/dex-authenticator/base_v3/kustomization.yaml delete mode 100644 contrib/dex-auth/dex-ldap/base/deployment.yaml delete mode 100644 contrib/dex-auth/dex-ldap/base/kustomization.yaml delete mode 100644 contrib/dex-auth/dex-ldap/base/namespace.yaml delete mode 100644 contrib/dex-auth/dex-ldap/base/service.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/config-map.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/deployment.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/kustomization.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/namespace.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/params.env delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/params.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/service.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base/virtualservice.yaml delete mode 100644 contrib/dex-auth/keycloak-gatekeeper/base_v3/kustomization.yaml diff --git a/contrib/dex-auth/OWNERS b/contrib/dex-auth/OWNERS deleted file mode 100644 index c5ed26dfb6..0000000000 --- a/contrib/dex-auth/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -approvers: - - krishnadurai - - yanniszark diff --git a/contrib/dex-auth/README.md b/contrib/dex-auth/README.md deleted file mode 100644 index 0f464041a6..0000000000 --- a/contrib/dex-auth/README.md +++ /dev/null @@ -1,177 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). - - -# Kubeflow Authentication and Authorization Prototype - -This implementation's target platforms are Kubernetes clusters with access to modify Kubernetes' API config file, which is generally possible with on Premise installations of Kubernetes. - -**Note**: This setup assumes Kubeflow Pipelines is setup in namespace kubeflow and Istio is already setup in the Kubernetes cluster. - -## High Level Diagram -![Authentication and Authorization in Kubeflow](/docs/dex-auth/assets/auth-istio.png) - - -## Create SSL Certificates - -This example is going to require three domains: -- dex.example.org: For the authentication server -- login.example.org: For the client application for authentication through dex (optional) -- ldap-admin.example.org: For the admin interface to create LDAP users and groups (optional) - -**Note**: Replace *example.org* with your own domain. - -With your trusted certificate signing authority, please create a certificate for the above domains. - -### Why Self Signed SSL Certs will not work - -Authentication through OIDC in Kubernetes does work with self signed certificates since the `--oidc-ca-file` parameter in the Kubernetes API server allows for adding a trusted CA for your authentication server. - -Though Istio's authentication policy parameter `jwksUri` for [End User Authentication](https://istio.io/docs/ops/security/end-user-auth/) does [not allow self signed certificates](https://github.com/istio/istio/issues/7290#issuecomment-420748056). - -Please generate certificates with a trusted authority for enabling this example or follow this [work-around](#work-around-a-way-to-use-self-signed-certificates). - -## Server Setup Instructions - -### Authentication Server Setup - -#### Setup Post Certificate Creation - -*TODO*(krishnadurai): Make this a part of kfctl - -`kubectl create namespace auth` - -*Note*: This step is not required if you disable TLS in Dex configuration - -`kubectl create secret tls dex.example.com.tls --cert=ssl/cert.pem --key=ssl/key.pem -n auth` - -Replace `dex.example.com.tls` with your own domain. - -#### Parameterizing the setup - -##### Variables in params environment files [dex-authenticator](dex-authenticator/base/params.env), [dex-crds](dex-crds/base/params.env) and [istio](/docs/dex-auth/examples/authentication/Istio): - - dex_domain: Domain for your dex server - - issuer: Issuer URL for dex server - - static_email: User Email for staticPasswords configuration - - static_password_hash: User's password for staticPasswords configuration - - static_user_id: User id for staticPasswords configuration - - static_username: Username for for staticPasswords configuration - - ldap_host: URL for LDAP server for dex to connect to - - ldap_bind_dn: LDAP Overlay's bind distinguished name (DN) - - ldap_bind_pw: LDAP Overlay's bind password for the above account - - ldap_user_base_dn: LDAP Server's user base DN - - ldap_group_base_dn: LDAP Server's group base DN - - dex_client_id: ID for the dex client application - - oidc_redirect_uris: Redirect URIs for OIDC client callback - - dex_application_secret: Application secret for dex client - - jwks_uri: URL pointing to the hosted JWKS keys - - cluster_name: Name for your Kubernetes Cluster for dex to refer to - - dex_client_redirect_uri: Single redirect URI for OIDC client callback - - k8s_master_uri: Kubernetes API master server's URI - - dex_client_listen_addr: Listen address for dex client to login - - **Keycloak Gatekeeper variables in params [environment file](keycloak-gatekeeper/base/params.env):** - - - client_id: ID for the authentication proxy client application - - client_secret: Application secret for authentication client - - secure_cookie: Set to true for TLS based cookie - - discovery_url: Is the url for retrieve the openid configuration - normally the /auth/realm/ - - upstream_url: The upstream endpoint which we should proxy request - - redirection_url: The redirection url, essentially the site url, note: /oauth/callback is added at the end - - encryption_key: The encryption key used to encode the session state - -##### Certificate files: - -*Identity Provider (Dex) CA file:* - -This is the CA cert generated for Dex. - -``` -kubectl create configmap ca --from-file=ca.pem -n auth -``` - -*Kubernetes API Server CA file:* - -This is the CA cert for your Kubernetes cluster generated while installing Kubernetes. - -``` -kubectl create configmap k8s-ca --from-file=k8s_ca.pem -n auth -``` - -##### This kustomize configs sets up: - - A Dex server with LDAP IdP and a client application (dex-k8s-authenticator) for issuing keys for Dex. - -#### Apply Kustomize Configs - -**LDAP** - -``` -cd dex-ldap -kustomize build base | kubectl apply -f - -``` - -**Dex** - -*For staticPassword configuration:* -``` -cd dex-crds -kustomize build base | kubectl apply -f - -``` - -*For LDAP configuration:* -``` -cd dex-crds -kustomize build overlays/ldap | kubectl apply -f - -``` - -**Dex Kubernetes Authentication Client** - -``` -cd dex-authenticator -kustomize build base | kubectl apply -f - -``` - -**Keycloak Gatekeeper (Proxy) Authentication Client** - -``` -cd keycloak-gatekeeper -kustomize build base | kubectl apply -f - -``` - -### Setup Kubernetes OIDC Authentication - -The following parameters need to be set in Kubernetes API Server configuration file usually found in: `/etc/kubernetes/manifests/kube-apiserver.yaml`. - -- --oidc-issuer-url=https://dex.example.org:32000 -- --oidc-client-id=ldapdexapp -- --oidc-ca-file=/etc/ssl/certs/openid-ca.pem -- --oidc-username-claim=email -- --oidc-groups-claim=groups - -`oidc-ca-file` needs to have the path to the file containing the certificate authority for the dex server's domain: dex.example.com. - -Refer [official documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#configuring-the-api-server) for meanings of these parameters. - -When you have added these flags, Kubernetes should restart kube-apiserver pod. If not, run this command: `sudo systemctl restart kubelet` in your Kubernetes API Server master node. You can check flags in the pod description: - -`kubectl describe pod kube-apiserver -n kube-system` - - -## Work-around: A way to use Self-Signed Certificates - -* Execute `examples/gencert.sh` on your terminal and it should create a folder `ssl` containing all required self signed certificates. - -* Copy the JWKS keys from `https://dex.example.com/keys` and host these keys in a public repository as a file. This public repository should have a verified a https SSL certificate (for e.g. github). - -* Copy the file url from the public repository in the `jwks_uri` parameter for [Istio Authentication Policy](/docs/dex-auth/examples/authentication/Istio/params.env) config: - -``` -jwks_uri="https://raw.githubusercontent.com/example-organisation/jwks/master/auth-jwks.json" -``` - -* Note that this is just a work around and JWKS keys are rotated by the Authentication Server. These JWKS keys will become invalid after the rotation period and you will have to re-upload the new keys back to your public repository. diff --git a/contrib/dex-auth/dex-authenticator/base/config-map.yaml b/contrib/dex-auth/dex-authenticator/base/config-map.yaml deleted file mode 100644 index 2db2ba79c7..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/config-map.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: dex-authenticator-cm - labels: - app: dex-authenticator -data: - config.yaml: |- - clusters: - # Specify 1 or more clusters - - name: $(cluster_name) - - # Descriptions used in the WebUI - short_description: "Dex Cluster" - description: "Dex Server for Kubeflow" - - # Redirect Url pointing to dex-k8s-authenticator callback for this cluster - # This should be configured in Dex as part of the staticClients - # redirectURIs option - redirect_uri: $(client_redirect_uri) - - # Client Secret - should match value in Dex - client_secret: $(application_secret) - - # Client ID - should match value in Dex - client_id: $(client_id) - - # Dex Issuer - Must be resolvable - issuer: $(issuer) - - # Url to k8s API endpoint - used in WebUI instructions for generating - # kubeconfig - k8s_master_uri: $(k8s_master_uri) - - # don't use username for context - static_context_name: false - - # CA for your k8s cluster - used in WebUI instructions for generating - # kubeconfig - # Both k8s_ca_uri and k8s_ca_pem are optional - you typically specifiy - # one or the other if required - # - # Provides a link to the CA from a hosted site - # k8s_ca_uri: http://url-to-your-ca.crt - # - # Provides abililty to specify CA inline - # k8s_ca_pem: | - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- - k8s_ca_pem_file: /app/k8s_ca.pem - - # Specify multiple extra root CA files to be loaded - # trusted_root_ca: - # -| - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- - trusted_root_ca_file: /app/idp_ca.pem - - # Specify path to tls_cert and tls_key - if enabled, set liten to use https - # tls_cert: /path/to/dex-client.crt - # tls_key: /path/to/dex-client.key - - # CA for your IDP - used in WebUI instructions for generating - # kubeconfig - # Both idp_ca_uri and idp_ca_pem are optional - you typically specifiy - # one or the other if required - # - # Provides a link to the CA from a hosted site - # idp_ca_uri: http://url-to-your-ca.crt - # - # Provides abililty to specify CA inline - # idp_ca_pem: | - # -----BEGIN CERTIFICATE----- - # ... - # -----END CERTIFICATE----- - idp_ca_pem_file: /app/idp_ca.pem - - # Which address to listen on (set to https if tls configured) - listen: $(client_listen_addr) - - # A path-prefix from which to serve requests and assets - web_path_prefix: / - - # Optional kubectl version which provides a download link to the the binary - kubectl_version: v1.11.2 - - # Optional Url to display a logo image - # logo_uri: http:// - - # Enable more debug - debug: false diff --git a/contrib/dex-auth/dex-authenticator/base/deployment.yaml b/contrib/dex-auth/dex-authenticator/base/deployment.yaml deleted file mode 100644 index 4a609b0010..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/deployment.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dex-authenticator - labels: - app: dex-authenticator - env: dev -spec: - replicas: 1 - selector: - matchLabels: - app: dex-authenticator - template: - metadata: - labels: - app: dex-authenticator - spec: - containers: - - name: dex-k8s-authenticator - image: "mintel/dex-k8s-authenticator:1.2.0" - imagePullPolicy: Always - args: [ "--config", "config.yaml" ] - ports: - - name: http - containerPort: 5555 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: http - readinessProbe: - httpGet: - path: /healthz - port: http - volumeMounts: - - name: config - subPath: config.yaml - mountPath: /app/config.yaml - - name: idp-ca - subPath: ca.pem - mountPath: /app/idp_ca.pem - - name: k8s-ca - subPath: k8s_ca.pem - mountPath: /app/k8s_ca.pem - resources: - {} - - volumes: - - name: config - configMap: - name: dex-authenticator-cm - - name: idp-ca - configMap: - name: ca - - name: k8s-ca - configMap: - name: k8s-ca diff --git a/contrib/dex-auth/dex-authenticator/base/kustomization.yaml b/contrib/dex-auth/dex-authenticator/base/kustomization.yaml deleted file mode 100644 index f377ae9e55..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/kustomization.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: auth -resources: -- namespace.yaml -- config-map.yaml -- deployment.yaml -- service.yaml -configMapGenerator: -- name: dex-authn-parameters - envs: - - params.env -vars: -- name: issuer - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.issuer -- name: client_id - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.client_id -- name: application_secret - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.application_secret -- name: cluster_name - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.cluster_name -- name: k8s_master_uri - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.k8s_master_uri -- name: client_redirect_uri - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.client_redirect_uri -- name: client_listen_addr - objref: - kind: ConfigMap - name: dex-authn-parameters - apiVersion: v1 - fieldref: - fieldpath: data.client_listen_addr -configurations: -- params.yaml -images: -- name: mintel/dex-k8s-authenticator - newName: mintel/dex-k8s-authenticator - newTag: 1.2.0 diff --git a/contrib/dex-auth/dex-authenticator/base/namespace.yaml b/contrib/dex-auth/dex-authenticator/base/namespace.yaml deleted file mode 100644 index 6b34cabc07..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: auth diff --git a/contrib/dex-auth/dex-authenticator/base/params.env b/contrib/dex-auth/dex-authenticator/base/params.env deleted file mode 100644 index 5f3ae06a7c..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/params.env +++ /dev/null @@ -1,9 +0,0 @@ -# Dex Server Parameters (some params are shared with client) -# Set issuer to https if tls is enabled -issuer=http://dex.example.com:32000 -client_id=ldapdexapp -application_secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok -cluster_name=onprem-cluster -client_redirect_uri=http://login.example.org:5555/callback/onprem-cluster -k8s_master_uri=https://k8s.example.com:443 -client_listen_addr=http://127.0.0.1:5555 # Set to HTTPS if TLS is configured diff --git a/contrib/dex-auth/dex-authenticator/base/params.yaml b/contrib/dex-auth/dex-authenticator/base/params.yaml deleted file mode 100644 index 5d9e2ad52a..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: data/config.yaml - kind: ConfigMap diff --git a/contrib/dex-auth/dex-authenticator/base/service.yaml b/contrib/dex-auth/dex-authenticator/base/service.yaml deleted file mode 100644 index 34781da78b..0000000000 --- a/contrib/dex-auth/dex-authenticator/base/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: dex-authenticator - labels: - app: dex-authenticator -spec: - type: NodePort - ports: - - port: 5555 - targetPort: 5555 - nodePort: 32002 - protocol: TCP - name: http - selector: - app: dex-authenticator diff --git a/contrib/dex-auth/dex-authenticator/base_v3/kustomization.yaml b/contrib/dex-auth/dex-authenticator/base_v3/kustomization.yaml deleted file mode 100644 index b69579d749..0000000000 --- a/contrib/dex-auth/dex-authenticator/base_v3/kustomization.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: auth -resources: -- ../base/namespace.yaml -- ../base/config-map.yaml -- ../base/deployment.yaml -- ../base/service.yaml -configMapGenerator: -- name: dex-authn-config - envs: - - ../base/params.env -vars: -- name: issuer - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.issuer -- name: client_id - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.client_id -- name: application_secret - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.application_secret -- name: cluster_name - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.cluster_name -- name: k8s_master_uri - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.k8s_master_uri -- name: client_redirect_uri - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.client_redirect_uri -- name: client_listen_addr - objref: - kind: ConfigMap - name: dex-authn-config - apiVersion: v1 - fieldref: - fieldpath: data.client_listen_addr -configurations: -- ../base/params.yaml -images: -- name: mintel/dex-k8s-authenticator - newName: mintel/dex-k8s-authenticator - newTag: 1.2.0 diff --git a/contrib/dex-auth/dex-ldap/base/deployment.yaml b/contrib/dex-auth/dex-ldap/base/deployment.yaml deleted file mode 100644 index 5bbe551d9a..0000000000 --- a/contrib/dex-auth/dex-ldap/base/deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ldap - labels: - app: ldap -spec: - replicas: 1 - selector: - matchLabels: - app: ldap - template: - metadata: - labels: - app: ldap - spec: - containers: - - name: openldap - image: osixia/openldap - ports: - - containerPort: 389 - - containerPort: 636 - - name: phpldapadmin - image: osixia/phpldapadmin - ports: - - containerPort: 80 - env: - - name: PHPLDAPADMIN_HTTPS - value: "false" - - name: PHPLDAPADMIN_LDAP_HOSTS - value: localhost diff --git a/contrib/dex-auth/dex-ldap/base/kustomization.yaml b/contrib/dex-auth/dex-ldap/base/kustomization.yaml deleted file mode 100644 index 1ec6646215..0000000000 --- a/contrib/dex-auth/dex-ldap/base/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: auth - -resources: -- namespace.yaml -- deployment.yaml -- service.yaml -images: -- name: osixia/openldap - newName: osixia/openldap - newTag: latest -- name: osixia/phpldapadmin - newName: osixia/phpldapadmin - newTag: latest diff --git a/contrib/dex-auth/dex-ldap/base/namespace.yaml b/contrib/dex-auth/dex-ldap/base/namespace.yaml deleted file mode 100644 index 6b34cabc07..0000000000 --- a/contrib/dex-auth/dex-ldap/base/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: auth diff --git a/contrib/dex-auth/dex-ldap/base/service.yaml b/contrib/dex-auth/dex-ldap/base/service.yaml deleted file mode 100644 index 201e21c2be..0000000000 --- a/contrib/dex-auth/dex-ldap/base/service.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- - -apiVersion: v1 -kind: Service -metadata: - name: ldap -spec: - ports: - - name: ldap - port: 389 - targetPort: 389 - - name: ldap-ssl - port: 636 - targetPort: 636 - selector: - app: ldap - ---- - -apiVersion: v1 -kind: Service -metadata: - name: ldap-admin -spec: - type: NodePort - ports: - - port: 80 - targetPort: 80 - nodePort: 32006 - selector: - app: ldap diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/config-map.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/config-map.yaml deleted file mode 100644 index aa9dd3a418..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/config-map.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-gatekeeper-page-templates -data: - forbidden-page: | - - - - - Forbidden - - - - -
(°◇°)
-
-
-

Access forbidden

-

You do not have sufficient privileges to access this resource.

-
-
- - - - login-page: | - - - - - Redirecting to SSO login page... - - - - - -
¯\_(ツ)_/¯
-
-
-

Access token expired

-

You will be automatically redirected to your SSO provider's Sign In page for this app.

-

If not, click here to sign in.

-
-
- - - diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/deployment.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/deployment.yaml deleted file mode 100644 index 618534a311..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: keycloak-gatekeeper -spec: - replicas: 1 - revisionHistoryLimit: 0 - selector: - matchLabels: - app: keycloak-gatekeeper - template: - metadata: - labels: - app: keycloak-gatekeeper - annotations: - checksum/config: 485074e1c0607eca69f97a813313e55bce27515a65f57b11036c8dd074ea3a30 - spec: - securityContext: - fsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - containers: - - name: main - image: keycloak/keycloak-gatekeeper:5.0.0 - imagePullPolicy: IfNotPresent - ports: - - name: http - containerPort: 3000 - protocol: TCP - args: - - --listen=:3000 - - --client-id=$(client_id) - - --client-secret=$(client_secret) - - --secure-cookie=$(secure_cookie) - - --discovery-url=$(discovery_url) - - --upstream-url=$(upstream_url) - - --redirection-url=$(redirection_url) - - --scopes=groups - - --sign-in-page=/opt/templates/sign_in.html.tmpl - - --forbidden-page=/opt/templates/forbidden.html.tmpl - - --enable-refresh-tokens=true - - --http-only-cookie=true - - --preserve-host=true - - --enable-encrypted-token=true - - --encryption-key=$(encryption_key) - - --enable-authorization-header - - --resources=uri=/* - volumeMounts: - - name: page-templates - mountPath: /opt/templates/forbidden.html.tmpl - subPath: forbidden-page - - name: page-templates - mountPath: /opt/templates/sign_in.html.tmpl - subPath: login-page - securityContext: - readOnlyRootFilesystem: true - volumes: - - name: page-templates - configMap: - name: keycloak-gatekeeper-page-templates diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/kustomization.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/kustomization.yaml deleted file mode 100644 index dae5122d14..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/kustomization.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: auth - -resources: -- config-map.yaml -- namespace.yaml -- deployment.yaml -- service.yaml -- virtualservice.yaml - -configMapGenerator: -- name: keycloak-gatekeeper-parameters - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true - -vars: -- name: client_id - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.client_id -- name: client_secret - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.client_secret -- name: secure_cookie - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.secure_cookie -- name: discovery_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.discovery_url -- name: upstream_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.upstream_url -- name: redirection_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.redirection_url -- name: encryption_key - objref: - kind: ConfigMap - name: keycloak-gatekeeper-parameters - apiVersion: v1 - fieldref: - fieldpath: data.encryption_key -configurations: -- params.yaml -images: -- name: keycloak/keycloak-gatekeeper - newName: keycloak/keycloak-gatekeeper - newTag: 5.0.0 diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/namespace.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/namespace.yaml deleted file mode 100644 index 6b34cabc07..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: auth diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/params.env b/contrib/dex-auth/keycloak-gatekeeper/base/params.env deleted file mode 100644 index 9a49b3024c..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/params.env +++ /dev/null @@ -1,7 +0,0 @@ -client_id=ldapdexapp -client_secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok -secure_cookie=false -discovery_url=http://dex.example.com:31200 -upstream_url=http://kubeflow.centraldashboard.com:31380 -redirection_url=http://keycloak-gatekeeper.example.com:31204 -encryption_key=nm6xjpPXPJFInLYo diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/params.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/params.yaml deleted file mode 100644 index 1d61a65ec0..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/template/spec/containers/args - kind: Deployment diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/service.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/service.yaml deleted file mode 100644 index 05deb18384..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: keycloak-gatekeeper -spec: - type: NodePort - ports: - - port: 5554 - protocol: TCP - name: http - targetPort: http - nodePort: 32004 - selector: - app: keycloak-gatekeeper diff --git a/contrib/dex-auth/keycloak-gatekeeper/base/virtualservice.yaml b/contrib/dex-auth/keycloak-gatekeeper/base/virtualservice.yaml deleted file mode 100644 index f10dc8098f..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base/virtualservice.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: keycloak-gatekeeper -spec: - gateways: - - kubeflow/kubeflow-gateway - hosts: - - '*' - http: - - match: - - port: 5554 - uri: - prefix: / - rewrite: - uri: / - route: - - destination: - host: keycloak-gatekeeper.auth.svc.cluster.local - port: - number: 5554 diff --git a/contrib/dex-auth/keycloak-gatekeeper/base_v3/kustomization.yaml b/contrib/dex-auth/keycloak-gatekeeper/base_v3/kustomization.yaml deleted file mode 100644 index 90f853a14a..0000000000 --- a/contrib/dex-auth/keycloak-gatekeeper/base_v3/kustomization.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: auth -resources: -- ../base/config-map.yaml -- ../base/namespace.yaml -- ../base/deployment.yaml -- ../base/service.yaml -- ../base/virtualservice.yaml -configMapGenerator: -- name: keycloak-gatekeeper-config - envs: - - ../base/params.env -generatorOptions: - disableNameSuffixHash: true -vars: -- name: client_id - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.client_id -- name: client_secret - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.client_secret -- name: secure_cookie - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.secure_cookie -- name: discovery_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.discovery_url -- name: upstream_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.upstream_url -- name: redirection_url - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.redirection_url -- name: encryption_key - objref: - kind: ConfigMap - name: keycloak-gatekeeper-config - apiVersion: v1 - fieldref: - fieldpath: data.encryption_key -configurations: -- ../base/params.yaml -images: -- name: keycloak/keycloak-gatekeeper - newName: keycloak/keycloak-gatekeeper - newTag: 5.0.0 From a68d7b6013ed0ef685c5224d00fe1c03b8177799 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:09:29 -0400 Subject: [PATCH 04/12] Remove /contrib/experimental Signed-off-by: Anna Jung (VMware) --- contrib/experimental/README.md | 7 --- .../experimental/gcp/template/openapi.yaml | 54 ------------------- .../mirror-images/gcp_template.yaml | 36 ------------- .../mirror-images/mirror_task.yaml | 23 -------- 4 files changed, 120 deletions(-) delete mode 100644 contrib/experimental/README.md delete mode 100644 contrib/experimental/gcp/template/openapi.yaml delete mode 100644 contrib/experimental/mirror-images/gcp_template.yaml delete mode 100644 contrib/experimental/mirror-images/mirror_task.yaml diff --git a/contrib/experimental/README.md b/contrib/experimental/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/experimental/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/experimental/gcp/template/openapi.yaml b/contrib/experimental/gcp/template/openapi.yaml deleted file mode 100644 index 7e53098980..0000000000 --- a/contrib/experimental/gcp/template/openapi.yaml +++ /dev/null @@ -1,54 +0,0 @@ -swagger: "2.0" -info: - description: "wildcard config for any HTTP service." - title: "General HTTP Service." - version: "1.0.0" -host: "CHANGE.TO.YOUR.HOST.NAME" -x-google-endpoints: -- name: "CHANGE.TO.YOUR.HOST.NAME" - target: "CHANGE.TO.YOUR.IP" -basePath: "/" -consumes: -- "application/json" -produces: -- "application/json" -schemes: -- "http" -- "https" -paths: - "/**": - get: - operationId: Get - responses: - '200': - description: Get - default: - description: Error - delete: - operationId: Delete - responses: - '204': - description: Delete - default: - description: Error - patch: - operationId: Patch - responses: - '200': - description: Patch - default: - description: Error - post: - operationId: Post - responses: - '200': - description: Post - default: - description: Error - put: - operationId: Put - responses: - '200': - description: Put - default: - description: Error diff --git a/contrib/experimental/mirror-images/gcp_template.yaml b/contrib/experimental/mirror-images/gcp_template.yaml deleted file mode 100644 index 3174229a05..0000000000 --- a/contrib/experimental/mirror-images/gcp_template.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# TODO(jlewi): Should we move this into the GCP directory? -apiVersion: replication.utils.kubeflow.org/v1alpha1 -kind: Replication -spec: - patterns: - - src: - include: gcr.io/kubeflow-images-public - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - - src: - include: quay.io/jetstack - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - - src: - include: gcr.io/ml-pipeline - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - - src: - include: argoproj - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - - src: - include: minio - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - # Use the existing public context - - src: - include: mysql - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - # Use the existing public context - - src: - include: metacontroller - # change to the gcr registry as image replication destination - dest: gcr.io/gcp-private-dev/mirror # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"gcp-private-dev"}]}} - context: gs://kubeflow-examples/image-replicate/replicate-context.tar.gz diff --git a/contrib/experimental/mirror-images/mirror_task.yaml b/contrib/experimental/mirror-images/mirror_task.yaml deleted file mode 100644 index 52c01204ad..0000000000 --- a/contrib/experimental/mirror-images/mirror_task.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - creationTimestamp: null - name: mirror-image -spec: - inputs: - params: - - name: inputImage - type: string - - name: outputImage - type: string - - name: context - type: string - steps: - - image: gcr.io/kaniko-project/executor:v0.11.0 - command: - - /kaniko/executor - - --dockerfile=Dockerfile - - --context=$(inputs.params.context) - - --destination=$(inputs.params.outputImage) - - --build-arg INPUT_IMAGE=$(inputs.params.inputImage) - name: build-push From 6b668eaf79d911c3da5de934baf29d23013bbc32 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:09:45 -0400 Subject: [PATCH 05/12] Remove /contrib/feast Signed-off-by: Anna Jung (VMware) --- contrib/feast/Makefile | 7 - contrib/feast/OWNERS | 3 - contrib/feast/README.md | 35 - contrib/feast/feast/base/kustomization.yaml | 3 - contrib/feast/feast/base/resources.yaml | 1007 ----------------- contrib/feast/feast/base/static.yaml | 13 - .../overlays/kubeflow/kustomization.yaml | 15 - .../overlays/kubeflow/patches/kafka.yaml | 12 - .../overlays/kubeflow/patches/namespace.yaml | 6 - .../overlays/kubeflow/patches/redis.yaml | 12 - .../overlays/kubeflow/patches/zookeeper.yaml | 13 - contrib/feast/values.yaml | 59 - 12 files changed, 1185 deletions(-) delete mode 100644 contrib/feast/Makefile delete mode 100644 contrib/feast/OWNERS delete mode 100644 contrib/feast/README.md delete mode 100644 contrib/feast/feast/base/kustomization.yaml delete mode 100644 contrib/feast/feast/base/resources.yaml delete mode 100644 contrib/feast/feast/base/static.yaml delete mode 100644 contrib/feast/feast/overlays/kubeflow/kustomization.yaml delete mode 100644 contrib/feast/feast/overlays/kubeflow/patches/kafka.yaml delete mode 100644 contrib/feast/feast/overlays/kubeflow/patches/namespace.yaml delete mode 100644 contrib/feast/feast/overlays/kubeflow/patches/redis.yaml delete mode 100644 contrib/feast/feast/overlays/kubeflow/patches/zookeeper.yaml delete mode 100644 contrib/feast/values.yaml diff --git a/contrib/feast/Makefile b/contrib/feast/Makefile deleted file mode 100644 index c0f91cfc8f..0000000000 --- a/contrib/feast/Makefile +++ /dev/null @@ -1,7 +0,0 @@ - -feast/base: clean - cd feast/base && helm template -f ../../values.yaml kf-feast feast --namespace feast --version 0.100.4 --repo https://feast-helm-charts.storage.googleapis.com > resources.yaml - -.PHONY:clean-kustomize -clean: - rm -rf feast/base/resources.yaml diff --git a/contrib/feast/OWNERS b/contrib/feast/OWNERS deleted file mode 100644 index 97472b070d..0000000000 --- a/contrib/feast/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -approvers: - - woop - - tedhtchang diff --git a/contrib/feast/README.md b/contrib/feast/README.md deleted file mode 100644 index 0688e9a0ba..0000000000 --- a/contrib/feast/README.md +++ /dev/null @@ -1,35 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). - - -# Feast Kustomize - -## Installing with Kustomize - -### Standalone - -``` -kustomize build feast/base | kubectl apply -n feast -f - -``` - -### With Kubeflow - -If installing Feast as a component of Kubeflow, use the `kubeflow` overlay. - -``` -kustomize build feast/overlays/kubeflow | kubectl apply -f - -``` - -## Updating - -The Feast Kustomize configuration in this folder is built from the Feast Helm charts and a custom `values.yaml` file. - -Run the following command to regenerate the configuration: -``` -make feast/base -``` diff --git a/contrib/feast/feast/base/kustomization.yaml b/contrib/feast/feast/base/kustomization.yaml deleted file mode 100644 index e1d726f156..0000000000 --- a/contrib/feast/feast/base/kustomization.yaml +++ /dev/null @@ -1,3 +0,0 @@ -resources: -- resources.yaml -- static.yaml \ No newline at end of file diff --git a/contrib/feast/feast/base/resources.yaml b/contrib/feast/feast/base/resources.yaml deleted file mode 100644 index 2edf5e6c67..0000000000 --- a/contrib/feast/feast/base/resources.yaml +++ /dev/null @@ -1,1007 +0,0 @@ ---- -# Source: feast/charts/feast-core/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: kf-feast-feast-core - namespace: feast - labels: - app: feast-core - component: core - chart: feast-core-0.25.0 - release: kf-feast - heritage: Helm -type: Opaque -stringData: - application-secret.yaml: | - enabled: true ---- -# Source: feast/charts/feast-serving/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: kf-feast-feast-serving - namespace: feast - labels: - app: feast-serving - component: serving - chart: feast-serving-0.25.0 - release: kf-feast - heritage: Helm -type: Opaque -stringData: - application-secret.yaml: | - enabled: true ---- -# Source: feast/charts/feast-core/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: kf-feast-feast-core - namespace: feast - labels: - app: feast-core - component: core - chart: feast-core-0.25.0 - release: kf-feast - heritage: Helm -data: - application-generated.yaml: | - spring: - datasource: - url: jdbc:postgresql://kf-feast-postgresql:5432/postgres - - server: - port: 8080 - - application-override.yaml: | - enabled: true ---- -# Source: feast/charts/feast-serving/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: kf-feast-feast-serving - namespace: feast - labels: - app: feast-serving - component: serving - chart: feast-serving-0.25.0 - release: kf-feast - heritage: Helm -data: - application-generated.yaml: | - feast: - core-host: kf-feast-feast-core - - stores: - - name: online - type: REDIS - config: - host: kf-feast-redis-master - port: 6379 - subscriptions: - - name: "*" - project: "*" - version: "*" - - job_store: - redis_host: kf-feast-redis-master - redis_port: 6379 - - server: - port: 8080 - - application-override.yaml: | - enabled: true ---- -# Source: feast/charts/redis/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: kf-feast-redis - labels: - app: redis - chart: redis-10.5.6 - heritage: Helm - release: kf-feast -data: - redis.conf: |- - # User-supplied configuration: - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. - save "" - master.conf: |- - dir /data - rename-command FLUSHDB "" - rename-command FLUSHALL "" - replica.conf: |- - dir /data - slave-read-only yes - rename-command FLUSHDB "" - rename-command FLUSHALL "" ---- -# Source: feast/charts/redis/templates/health-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: kf-feast-redis-health - labels: - app: redis - chart: redis-10.5.6 - heritage: Helm - release: kf-feast -data: - ping_readiness_local.sh: |- - response=$( - timeout -s 9 $1 \ - redis-cli \ - -h localhost \ - -p $REDIS_PORT \ - ping - ) - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - response=$( - timeout -s 9 $1 \ - redis-cli \ - -h localhost \ - -p $REDIS_PORT \ - ping - ) - if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then - echo "$response" - exit 1 - fi - ping_readiness_master.sh: |- - response=$( - timeout -s 9 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ - ping - ) - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_master.sh: |- - response=$( - timeout -s 9 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ - ping - ) - if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? - exit $exit_status ---- -# Source: feast/charts/feast-core/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-feast-core - namespace: feast - labels: - app: feast-core - chart: feast-core-0.25.0 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 8080 - - name: grpc - port: 6565 - targetPort: 6565 - selector: - app: feast-core - component: core - release: kf-feast ---- -# Source: feast/charts/feast-jobservice/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-feast-jobservice - namespace: feast - labels: - app: feast-jobservice - chart: feast-jobservice-0.9.2 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 8080 - - name: grpc - port: 6568 - targetPort: 6568 - selector: - app: feast-jobservice - component: jobservice - release: kf-feast ---- -# Source: feast/charts/feast-serving/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-feast-serving - namespace: feast - labels: - app: feast-serving - chart: feast-serving-0.25.0 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - ports: - - name: http - port: 80 - targetPort: 8080 - - name: grpc - port: 6566 - targetPort: 6566 - selector: - app: feast-serving - component: serving - release: kf-feast ---- -# Source: feast/charts/postgresql/templates/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-postgresql-headless - labels: - app: postgresql - chart: postgresql-8.6.1 - release: "kf-feast" - heritage: "Helm" -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: postgresql - release: "kf-feast" ---- -# Source: feast/charts/postgresql/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-postgresql - labels: - app: postgresql - chart: postgresql-8.6.1 - release: "kf-feast" - heritage: "Helm" -spec: - type: ClusterIP - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: postgresql - release: "kf-feast" - role: master ---- -# Source: feast/charts/redis/templates/headless-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-redis-headless - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - clusterIP: None - ports: - - name: redis - port: 6379 - targetPort: redis - selector: - app: redis - release: kf-feast ---- -# Source: feast/charts/redis/templates/redis-master-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-redis-master - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - ports: - - name: redis - port: 6379 - targetPort: redis - selector: - app: redis - release: kf-feast - role: master ---- -# Source: feast/charts/redis/templates/redis-slave-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kf-feast-redis-slave - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - heritage: Helm -spec: - type: ClusterIP - ports: - - name: redis - port: 6379 - targetPort: redis - selector: - app: redis - release: kf-feast - role: slave ---- -# Source: feast/charts/feast-core/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kf-feast-feast-core - namespace: feast - labels: - app: feast-core - component: core - chart: feast-core-0.25.0 - release: kf-feast - heritage: Helm -spec: - replicas: 1 - selector: - matchLabels: - app: feast-core - component: core - release: kf-feast - template: - metadata: - annotations: - checksum/configmap: 65652a82857b1cc41cf1b96a3466be3004271fc1e9c7c100927ceade4f499ff4 - checksum/secret: 534fff11a6f05225ea57b92e5ac8d9a74f9c1bb762c1f24930ea7bdc82728d52 - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: feast-core - component: core - release: kf-feast - spec: - - volumes: - - name: kf-feast-feast-core-config - configMap: - name: kf-feast-feast-core - - name: kf-feast-feast-core-secret - secret: - secretName: kf-feast-feast-core - - containers: - - name: feast-core - image: gcr.io/kf-feast/feast-core:develop - imagePullPolicy: IfNotPresent - - volumeMounts: - - name: kf-feast-feast-core-config - mountPath: /etc/feast - - name: kf-feast-feast-core-secret - mountPath: /etc/secrets/feast - readOnly: true - - env: - - name: LOG_TYPE - value: "Console" - - name: LOG_LEVEL - value: "WARN" - - name: SPRING_DATASOURCE_PASSWORD - valueFrom: - secretKeyRef: - name: feast-postgresql - key: postgresql-password - - command: - - java - - -jar - - /opt/feast/feast-core.jar - - --spring.config.location=classpath:/application.yml,file:/etc/feast/application-generated.yaml,file:/etc/secrets/feast/application-secret.yaml,file:/etc/feast/application-override.yaml - ports: - - name: http - containerPort: 8080 - - name: grpc - containerPort: 6565 - readinessProbe: - exec: - command: ["/usr/bin/grpc-health-probe", "-addr=:6565"] - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - failureThreshold: 5 - - resources: - {} ---- -# Source: feast/charts/feast-jobservice/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kf-feast-feast-jobservice - namespace: feast - labels: - app: feast-jobservice - component: jobservice - chart: feast-jobservice-0.9.2 - release: kf-feast - heritage: Helm -spec: - replicas: 1 - selector: - matchLabels: - app: feast-jobservice - component: jobservice - release: kf-feast - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: feast-jobservice - component: jobservice - release: kf-feast - spec: - - containers: - - name: feast-jobservice - image: gcr.io/kf-feast/feast-jobservice:develop - imagePullPolicy: IfNotPresent - - env: - - ports: - - name: http - containerPort: 8080 - - name: grpc - containerPort: 6568 - livenessProbe: - exec: - command: ["/usr/bin/grpc-health-probe", "-addr=:6568"] - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - failureThreshold: 5 - readinessProbe: - exec: - command: ["/usr/bin/grpc-health-probe", "-addr=:6568"] - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - failureThreshold: 5 - - resources: - {} ---- -# Source: feast/charts/feast-serving/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kf-feast-feast-serving - namespace: feast - labels: - app: feast-serving - component: serving - chart: feast-serving-0.25.0 - release: kf-feast - heritage: Helm -spec: - replicas: 1 - selector: - matchLabels: - app: feast-serving - component: serving - release: kf-feast - template: - metadata: - annotations: - checksum/configmap: 179927bcdb9de7eadf95390cc6dca8046db451bad6320e4d5cf1ab3f28bf92b0 - checksum/secret: 023c324d70d3e0d551c155dcba35b4c6addbf9aa8c844a67bc5f53b77e45e9b9 - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: feast-serving - component: serving - release: kf-feast - spec: - - volumes: - - name: kf-feast-feast-serving-config - configMap: - name: kf-feast-feast-serving - - name: kf-feast-feast-serving-secret - secret: - secretName: kf-feast-feast-serving - - containers: - - name: feast-serving - image: gcr.io/kf-feast/feast-serving:develop - imagePullPolicy: IfNotPresent - - volumeMounts: - - name: kf-feast-feast-serving-config - mountPath: /etc/feast - - name: kf-feast-feast-serving-secret - mountPath: /etc/secrets/feast - readOnly: true - - env: - - name: LOG_TYPE - value: "Console" - - name: LOG_LEVEL - value: "WARN" - - command: - - java - - -jar - - /opt/feast/feast-serving.jar - - --spring.config.location=classpath:/application.yml,file:/etc/feast/application-generated.yaml,file:/etc/secrets/feast/application-secret.yaml,file:/etc/feast/application-override.yaml - - ports: - - name: http - containerPort: 8080 - - name: grpc - containerPort: 6566 - livenessProbe: - exec: - command: - - "grpc-health-probe" - - "-addr=:6566" - - "-connect-timeout=5s" - - "-rpc-timeout=5s" - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - failureThreshold: 5 - readinessProbe: - exec: - command: - - "grpc-health-probe" - - "-addr=:6566" - - "-connect-timeout=10s" - - "-rpc-timeout=10s" - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - failureThreshold: 5 - - resources: - {} ---- -# Source: feast/charts/postgresql/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-postgresql - labels: - app: postgresql - chart: postgresql-8.6.1 - release: "kf-feast" - heritage: "Helm" -spec: - serviceName: kf-feast-postgresql-headless - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: postgresql - release: "kf-feast" - role: master - template: - metadata: - name: kf-feast-postgresql - labels: - app: postgresql - chart: postgresql-8.6.1 - release: "kf-feast" - heritage: "Helm" - role: master - spec: - securityContext: - fsGroup: 1001 - initContainers: - # - name: do-something - # image: busybox - # command: ['do', 'something'] - - containers: - - name: kf-feast-postgresql - image: docker.io/bitnami/postgresql:11.7.0-debian-10-r9 - imagePullPolicy: "IfNotPresent" - resources: - requests: - cpu: 250m - memory: 256Mi - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - - name: POSTGRES_USER - value: "postgres" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: feast-postgresql - key: postgresql-password - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - subPath: - volumes: - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: feast/charts/redis/templates/redis-master-statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-redis-master - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - heritage: Helm -spec: - selector: - matchLabels: - app: redis - release: kf-feast - role: master - serviceName: kf-feast-redis-headless - template: - metadata: - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - role: master - annotations: - checksum/health: 466e9c6e1580496ae816ea2ba97eb274e0722a0e448f05b626d65a514edd4b7e - checksum/configmap: 2694f00f7d90b157fe8a55b1fef4fdac62061e59d606f4182a6dab35be93cb86 - checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - spec: - securityContext: - fsGroup: 1001 - serviceAccountName: "default" - containers: - - name: kf-feast-redis - image: "docker.io/bitnami/redis:5.0.7-debian-10-r32" - imagePullPolicy: "IfNotPresent" - securityContext: - runAsUser: 1001 - command: - - /bin/bash - - -c - - | - if [[ -n $REDIS_PASSWORD_FILE ]]; then - password_aux=`cat ${REDIS_PASSWORD_FILE}` - export REDIS_PASSWORD=$password_aux - fi - if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--protected-mode" "no") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - /run.sh ${ARGS[@]} - env: - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - - name: REDIS_PORT - value: "6379" - ports: - - name: redis - containerPort: 6379 - livenessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh 5 - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh 5 - resources: - null - volumeMounts: - - name: health - mountPath: /health - - name: redis-data - mountPath: /data - subPath: - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc/ - volumes: - - name: health - configMap: - name: kf-feast-redis-health - defaultMode: 0755 - - name: config - configMap: - name: kf-feast-redis - - name: redis-tmp-conf - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: - app: redis - release: kf-feast - heritage: Helm - component: master - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" - - selector: - updateStrategy: - type: RollingUpdate ---- -# Source: feast/charts/redis/templates/redis-slave-statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-redis-slave - labels: - app: redis - chart: redis-10.5.6 - release: kf-feast - heritage: Helm -spec: - replicas: 2 - serviceName: kf-feast-redis-headless - selector: - matchLabels: - app: redis - release: kf-feast - role: slave - template: - metadata: - labels: - app: redis - release: kf-feast - chart: redis-10.5.6 - role: slave - annotations: - checksum/health: 466e9c6e1580496ae816ea2ba97eb274e0722a0e448f05b626d65a514edd4b7e - checksum/configmap: 2694f00f7d90b157fe8a55b1fef4fdac62061e59d606f4182a6dab35be93cb86 - checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - spec: - securityContext: - fsGroup: 1001 - serviceAccountName: "default" - containers: - - name: kf-feast-redis - image: docker.io/bitnami/redis:5.0.7-debian-10-r32 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsUser: 1001 - command: - - /bin/bash - - -c - - | - if [[ -n $REDIS_PASSWORD_FILE ]]; then - password_aux=`cat ${REDIS_PASSWORD_FILE}` - export REDIS_PASSWORD=$password_aux - fi - if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then - password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}` - export REDIS_MASTER_PASSWORD=$password_aux - fi - if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - ARGS+=("--protected-mode" "no") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - /run.sh "${ARGS[@]}" - env: - - name: REDIS_REPLICATION_MODE - value: slave - - name: REDIS_MASTER_HOST - value: kf-feast-redis-master-0.kf-feast-redis-headless.feast.svc.cluster.local - - name: REDIS_PORT - value: "6379" - - name: REDIS_MASTER_PORT_NUMBER - value: "6379" - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - ports: - - name: redis - containerPort: 6379 - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh 5 - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh 5 - resources: - null - volumeMounts: - - name: health - mountPath: /health - - name: redis-data - mountPath: /data - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc - volumes: - - name: health - configMap: - name: kf-feast-redis-health - defaultMode: 0755 - - name: config - configMap: - name: kf-feast-redis - - name: sentinel-tmp-conf - emptyDir: {} - - name: redis-tmp-conf - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: - app: redis - release: kf-feast - heritage: Helm - component: slave - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" - - selector: - updateStrategy: - type: RollingUpdate diff --git a/contrib/feast/feast/base/static.yaml b/contrib/feast/feast/base/static.yaml deleted file mode 100644 index 413906623e..0000000000 --- a/contrib/feast/feast/base/static.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -data: - postgresql-password: cGFzc3dvcmQ= -kind: Secret -metadata: - name: feast-postgresql - namespace: feast -type: Opaque ---- -apiVersion: v1 -kind: Namespace -metadata: - name: feast diff --git a/contrib/feast/feast/overlays/kubeflow/kustomization.yaml b/contrib/feast/feast/overlays/kubeflow/kustomization.yaml deleted file mode 100644 index 4e1aecd9ae..0000000000 --- a/contrib/feast/feast/overlays/kubeflow/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -commonLabels: - app.kubernetes.io/component: feast - app.kubernetes.io/name: feast -bases: -- ../../base -patchesStrategicMerge: -- patches/namespace.yaml -- patches/redis.yaml -# If Kafka is enabled, uncomment the following patches. -# - patches/kafka.yaml -# - patches/zookeeper.yaml - diff --git a/contrib/feast/feast/overlays/kubeflow/patches/kafka.yaml b/contrib/feast/feast/overlays/kubeflow/patches/kafka.yaml deleted file mode 100644 index 3961c1639a..0000000000 --- a/contrib/feast/feast/overlays/kubeflow/patches/kafka.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-kafka -spec: - template: - spec: - containers: - - name: kafka - env: - - name: KAFKA_CFG_ADVERTISED_LISTENERS - value: "INTERNAL://kf-feast-kafka-0.kf-feast-kafka-headless.kubeflow.svc.cluster.local:9093,CLIENT://kf-feast-kafka-0.kf-feast-kafka-headless.kubeflow.svc.cluster.local:9092" diff --git a/contrib/feast/feast/overlays/kubeflow/patches/namespace.yaml b/contrib/feast/feast/overlays/kubeflow/patches/namespace.yaml deleted file mode 100644 index 79699cb1b4..0000000000 --- a/contrib/feast/feast/overlays/kubeflow/patches/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Remove namespace resource as Kubeflow namespace will already exist. -$patch: delete -apiVersion: v1 -kind: Namespace -metadata: - name: feast diff --git a/contrib/feast/feast/overlays/kubeflow/patches/redis.yaml b/contrib/feast/feast/overlays/kubeflow/patches/redis.yaml deleted file mode 100644 index 4fb74a5fc5..0000000000 --- a/contrib/feast/feast/overlays/kubeflow/patches/redis.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-redis-slave -spec: - template: - spec: - containers: - - name: kf-feast-redis - env: - - name: REDIS_MASTER_HOST - value: kf-feast-redis-master-0.kf-feast-redis-headless.kubeflow.svc.cluster.local diff --git a/contrib/feast/feast/overlays/kubeflow/patches/zookeeper.yaml b/contrib/feast/feast/overlays/kubeflow/patches/zookeeper.yaml deleted file mode 100644 index c3d38cf3bd..0000000000 --- a/contrib/feast/feast/overlays/kubeflow/patches/zookeeper.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kf-feast-zookeeper - namespace: feast -spec: - template: - spec: - containers: - - name: zookeeper - env: - - name: ZOO_SERVERS - value: kf-feast-zookeeper-0.kf-feast-zookeeper-headless.kubeflow.svc.cluster.local:2888:3888 diff --git a/contrib/feast/values.yaml b/contrib/feast/values.yaml deleted file mode 100644 index 17df5e8d07..0000000000 --- a/contrib/feast/values.yaml +++ /dev/null @@ -1,59 +0,0 @@ -feast-core: - # feast-core.enabled -- Flag to install Feast Core - enabled: true - postgresql: - # feast-core.postgresql.existingSecret -- Kubernetes secrets that contains the postgresql password - existingSecret: feast-postgresql - image: - repository: gcr.io/kf-feast/feast-core - tag: develop - -feast-online-serving: - # feast-online-serving.enabled -- Flag to install Feast Online Serving - fullnameOverride: feast-online-serving - enabled: true - image: - repository: gcr.io/kf-feast/feast-serving - tag: develop - - application-override.yaml: - feast: - core-host: kf-feast-core - -feast-jupyter: - # feast-jupyter.enabled -- Flag to install Feast Jupyter Notebook with SDK - enabled: false - -feast-jobservice: - # feast-jobservice.enabled -- Flag to install Feast Job Service - image: - repository: gcr.io/kf-feast/feast-jobservice - enabled: true - -postgresql: - # postgresql.enabled -- Flag to install Postgresql - enabled: true - # postgresql.existingSecret -- Kubernetes secrets that contains the postgresql password - existingSecret: feast-postgresql - -kafka: - # kafka.enabled -- Flag to install Kafka - enabled: false - -redis: - # redis.enabled -- Flag to install Redis - enabled: true - # redis.usePassword -- Disable redis password - usePassword: false - -prometheus-statsd-exporter: - # prometheus-statsd-exporter.enabled -- Flag to install StatsD to Prometheus Exporter - enabled: false - -prometheus: - # prometheus.enabled -- Flag to install Prometheus - enabled: false - -grafana: - # grafana.enabled -- Flag to install Grafana - enabled: false From d01cc4bb741854b8a6386122fe4f26140f82c37f Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:09:56 -0400 Subject: [PATCH 06/12] Remove /contrib/flink Signed-off-by: Anna Jung (VMware) --- contrib/flink/OWNERS | 2 - contrib/flink/README.md | 7 - contrib/flink/flink-operator/README.md | 10 - .../base/cluster-role-binding.yaml | 28 - .../flink-operator/base/cluster-role.yaml | 176 - .../flink/flink-operator/base/configmap.yaml | 118 - contrib/flink/flink-operator/base/crd.yaml | 7279 ----------------- .../flink/flink-operator/base/deployment.yaml | 62 - .../flink-operator/base/kustomization.yaml | 22 - .../base/leader-election-role-binding.yaml | 15 - .../base/leader-election-role.yaml | 29 - .../flink-operator/base/service-account.yaml | 7 - .../flink/flink-operator/base/service.yaml | 33 - .../flink/flink-operator/base/setup-job.yaml | 45 - .../flink/flink-operator/base/webhook.yaml | 52 - .../overlay/application/application.yaml | 38 - .../overlay/application/kustomization.yaml | 7 - 17 files changed, 7930 deletions(-) delete mode 100644 contrib/flink/OWNERS delete mode 100644 contrib/flink/README.md delete mode 100644 contrib/flink/flink-operator/README.md delete mode 100644 contrib/flink/flink-operator/base/cluster-role-binding.yaml delete mode 100644 contrib/flink/flink-operator/base/cluster-role.yaml delete mode 100644 contrib/flink/flink-operator/base/configmap.yaml delete mode 100644 contrib/flink/flink-operator/base/crd.yaml delete mode 100644 contrib/flink/flink-operator/base/deployment.yaml delete mode 100644 contrib/flink/flink-operator/base/kustomization.yaml delete mode 100644 contrib/flink/flink-operator/base/leader-election-role-binding.yaml delete mode 100644 contrib/flink/flink-operator/base/leader-election-role.yaml delete mode 100644 contrib/flink/flink-operator/base/service-account.yaml delete mode 100644 contrib/flink/flink-operator/base/service.yaml delete mode 100644 contrib/flink/flink-operator/base/setup-job.yaml delete mode 100644 contrib/flink/flink-operator/base/webhook.yaml delete mode 100644 contrib/flink/flink-operator/overlay/application/application.yaml delete mode 100644 contrib/flink/flink-operator/overlay/application/kustomization.yaml diff --git a/contrib/flink/OWNERS b/contrib/flink/OWNERS deleted file mode 100644 index 76221cb45d..0000000000 --- a/contrib/flink/OWNERS +++ /dev/null @@ -1,2 +0,0 @@ -approvers: - - Jeffwan diff --git a/contrib/flink/README.md b/contrib/flink/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/flink/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/flink/flink-operator/README.md b/contrib/flink/flink-operator/README.md deleted file mode 100644 index b2243570e2..0000000000 --- a/contrib/flink/flink-operator/README.md +++ /dev/null @@ -1,10 +0,0 @@ -## Update Manifest - -flink-operator manifest comes from [GoogleCloudPlatform/flink-on-k8s-operator](https://github.com/GoogleCloudPlatform/flink-on-k8s-operator) - - -Kubeflow flink-operator manifest generates from [flink-operator Helm Chart](https://github.com/GoogleCloudPlatform/flink-on-k8s-operator/tree/master/helm-chart) with some minor changes. - -``` -helm template flink-operator-repo/flink-operator --set operatorImage.name=gcr.io/flink-operator/flink-operator:latest --set flinkOperatorNamespace=kubeflow --set rbac.create=true > flink.yaml -``` \ No newline at end of file diff --git a/contrib/flink/flink-operator/base/cluster-role-binding.yaml b/contrib/flink/flink-operator/base/cluster-role-binding.yaml deleted file mode 100644 index 911f9f76a7..0000000000 --- a/contrib/flink/flink-operator/base/cluster-role-binding.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: flink-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flink-operator-manager-role -subjects: -- kind: ServiceAccount - name: flink-operator-sa - namespace: kubeflow ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: flink-operator-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flink-operator-proxy-role -subjects: -- kind: ServiceAccount - name: flink-operator-sa - namespace: kubeflow diff --git a/contrib/flink/flink-operator/base/cluster-role.yaml b/contrib/flink/flink-operator/base/cluster-role.yaml deleted file mode 100644 index 3d355a847f..0000000000 --- a/contrib/flink/flink-operator/base/cluster-role.yaml +++ /dev/null @@ -1,176 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: flink-operator-manager-role -rules: -- apiGroups: - - flinkoperator.k8s.io - resources: - - flinkclusters - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - flinkoperator.k8s.io - resources: - - flinkclusters/status - verbs: - - get - - update - - patch -- apiGroups: - - apps - resources: - - deployments - - controllerrevisions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apps - resources: - - deployments/status - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services/status - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events/status - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - batch - resources: - - jobs/status - verbs: - - get -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - update - - patch ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: flink-operator-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/contrib/flink/flink-operator/base/configmap.yaml b/contrib/flink/flink-operator/base/configmap.yaml deleted file mode 100644 index 0489f643e3..0000000000 --- a/contrib/flink/flink-operator/base/configmap.yaml +++ /dev/null @@ -1,118 +0,0 @@ ---- -# Source: flink-operator/templates/generate-cert.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - creationTimestamp: null - name: cert-configmap - namespace: kubeflow - labels: - app.kubernetes.io/name: flink-operator - app.kubernetes.io/component: cert-configmap -data: - cert.sh: |- - set -euxo pipefail - service="flink-operator-webhook-service" - secret="webhook-server-cert" - namespace=kubeflow - csrName="${service}.${namespace}" - tmpdir="$(mktemp -d)" - echo "Creating certs in tmpdir ${tmpdir} " - cat <> "${tmpdir}/csr.conf" - [req] - req_extensions = v3_req - distinguished_name = req_distinguished_name - [req_distinguished_name] - [ v3_req ] - basicConstraints = CA:FALSE - keyUsage = nonRepudiation, digitalSignature, keyEncipherment - extendedKeyUsage = serverAuth - subjectAltName = @alt_names - [alt_names] - DNS.1 = ${service} - DNS.2 = ${service}.${namespace} - DNS.3 = ${service}.${namespace}.svc - EOF - openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -subj "/CN=Admission Controller Webhook CA" - openssl genrsa -out ${tmpdir}/server-key.pem 2048 - openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -config ${tmpdir}/csr.conf \ - | openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem - serverCert="$(openssl base64 -A -in ${tmpdir}/server-cert.pem)" - if [[ -z ${serverCert} ]]; then - echo "ERROR: The signed certificate did not appear." >&2 - exit 1 - fi - export CA_PEM_B64="$(echo ${serverCert})" - # create the secret with CA cert and server cert/key - kubectl create secret generic ${secret} \ - --from-file=tls.key=${tmpdir}/server-key.pem \ - --from-file=tls.crt=${tmpdir}/server-cert.pem \ - --dry-run -o yaml | - kubectl -n ${namespace} apply -f - - for webhook in /webhook_to_create/*; - do - echo $(cat $webhook | envsubst '${CA_PEM_B64}'); - cat $webhook | envsubst '${CA_PEM_B64}' | kubectl apply -f - - done ---- -# Source: flink-operator/templates/generate-cert.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - creationTimestamp: null - name: webhook-configmap - namespace: kubeflow - labels: - app.kubernetes.io/name: flink-operator - app.kubernetes.io/component: webhook-configmap -data: - webook.yaml: |- - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: MutatingWebhookConfiguration - metadata: - creationTimestamp: null - name: flink-operator-mutating-webhook-configuration - webhooks: - - clientConfig: - caBundle: $CA_PEM_B64 - service: - name: flink-operator-webhook-service - namespace: kubeflow - path: /mutate-flinkoperator-k8s-io-v1beta1-flinkcluster - failurePolicy: Fail - name: mflinkcluster.flinkoperator.k8s.io - rules: - - apiGroups: - - flinkoperator.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - flinkclusters - --- - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: ValidatingWebhookConfiguration - metadata: - creationTimestamp: null - name: flink-operator-validating-webhook-configuration - webhooks: - - clientConfig: - caBundle: $CA_PEM_B64 - service: - name: flink-operator-webhook-service - namespace: kubeflow - path: /validate-flinkoperator-k8s-io-v1beta1-flinkcluster - failurePolicy: Fail - name: vflinkcluster.flinkoperator.k8s.io - rules: - - apiGroups: - - flinkoperator.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - flinkclusters diff --git a/contrib/flink/flink-operator/base/crd.yaml b/contrib/flink/flink-operator/base/crd.yaml deleted file mode 100644 index 608e080bd2..0000000000 --- a/contrib/flink/flink-operator/base/crd.yaml +++ /dev/null @@ -1,7279 +0,0 @@ ---- -# Source: flink-operator/templates/flink-cluster-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: flinkclusters.flinkoperator.k8s.io -spec: - group: flinkoperator.k8s.io - names: - kind: FlinkCluster - plural: flinkclusters - scope: "" - subresources: - status: {} - validation: - openAPIV3Schema: - description: FlinkCluster is the Schema for the flinkclusters API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: string - creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server - time when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. \n - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set when - deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: "DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable by - a client. The resource is expected to be deleted (no longer visible - from resource lists, and not reachable by name) after the time in - this field, once the finalizers list is empty. As long as the finalizers - list contains items, deletion is blocked. Once the deletionTimestamp - is set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. \n Populated by the system when a graceful deletion - is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that will - remove the entry from the list. If the deletionTimestamp of the object - is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: "GenerateName is an optional prefix, used by the server, - to generate a unique name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique - suffix. The provided value has the same validation rules as the Name - field, and may be truncated by the length of the suffix required to - make the value unique on the server. \n If this field is specified - and the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency" - type: string - generation: - description: A sequence number representing a specific generation of - the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: "An initializer is a controller which enforces some system - invariant at object creation time. This field is a list of initializers - that have not yet acted on this object. If nil or empty, this object - has been completely initialized. Otherwise, the object is considered - uninitialized and is hidden (in list/watch and get calls) from clients - that haven't explicitly asked to observe uninitialized objects. \n - When an object is created, the system will populate this list with - the current set of initializers. Only privileged users may set or - modify this list. Once it is empty, it may not be modified further - by any user. \n DEPRECATED - initializers are an alpha field and will - be removed in v1.15." - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the initializers - struct will be set to nil and the object is considered as initialized - and visible to all clients. - items: - properties: - name: - description: name of the process that is responsible for initializing - this object. - type: string - required: - - name - type: object - type: array - result: - description: If result is set with the Failure field, the object - will be persisted to storage and then deleted, ensuring that other - clients can observe the deletion. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, 0 if - not set. - format: int32 - type: integer - details: - description: Extended data associated with the reason. Each - reason may define its own extended details. This field is - optional and the data returned is not guaranteed to conform - to any schema except that defined by the reason type. - properties: - causes: - description: The Causes array includes more details associated - with the StatusReason failure. Not all StatusReasons may - provide detailed causes. - items: - properties: - field: - description: "The field of the resource that has caused - this error, as named by its JSON serialization. - May include dot and postfix notation for nested - attributes. Arrays are zero-indexed. Fields may - appear more than once in an array of causes due - to fields having multiple errors. Optional. \n Examples: - \ \"name\" - the field \"name\" on the current - resource \"items[0].name\" - the field \"name\" - on the first array entry in \"items\"" - type: string - message: - description: A human-readable description of the cause - of the error. This field may be presented as-is - to a reader. - type: string - reason: - description: A machine-readable description of the - cause of the error. If this value is empty there - is no information available. - type: string - type: object - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may differ - from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single name - which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before the - operation should be retried. Some errors may indicate - the client must take an alternate action - for those errors - this field may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a single - resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - type: object - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status of this - operation. - type: string - metadata: - description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that the - server has more data available. The value is opaque and - may be used to issue another request to the endpoint that - served this list to retrieve the next set of available - objects. Continuing a consistent list may not be possible - if the server configuration has changed or more than a - few minutes have passed. The resourceVersion field returned - when using this continue value will be identical to the - value in the first response, unless you have received - this token from an error message. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients to - determine when objects have changed. Value must be treated - as opaque by clients and passed unmodified back to the - server. Populated by the system. Read-only. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - type: object - reason: - description: A machine-readable description of why this operation - is in the "Failure" status. If this value is empty there is - no information available. A Reason clarifies an HTTP status - code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" or - "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - type: object - required: - - pending - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - managedFields: - description: "ManagedFields maps workflow-id and version to the set - of fields that are managed by that workflow. This is mostly for internal - housekeeping, and users typically shouldn't need to set or understand - this field. A workflow can be the user's name, a controller's name, - or the name of a specific apply path like \"ci-cd\". The set of fields - is always in the version that the workflow used when modifying the - object. \n This field is alpha and can be changed or removed without - notice." - items: - properties: - apiVersion: - description: APIVersion defines the version of this resource that - this field set applies to. The format is "group/version" just - like the top-level APIVersion field. It is necessary to track - the version of a field set because it cannot be automatically - converted. - type: string - fields: - additionalProperties: true - description: Fields identifies a set of fields. - type: object - manager: - description: Manager is an identifier of the workflow managing - these fields. - type: string - operation: - description: Operation is the type of operation which lead to - this ManagedFieldsEntry being created. The only valid values - for this field are 'Apply' and 'Update'. - type: string - time: - description: Time is timestamp of when these fields were set. - It should always be empty if Operation is 'Apply' - format: date-time - type: string - type: object - type: array - name: - description: 'Name must be unique within a namespace. Is required when - creating resources, although some resources may allow a client to - request the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the \"default\" namespace, but - \"default\" is the canonical representation. Not all objects are required - to be scoped to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this list - will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. To - set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - resourceVersion: - description: "An opaque value that represents the internal version of - this object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change detection, - and the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to the - server. They may only be valid for a particular resource or set of - resources. \n Populated by the system. Read-only. Value must be treated - as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency" - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated by - the system. Read-only. - type: string - uid: - description: "UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. \n Populated - by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" - type: string - type: object - spec: - properties: - envVars: - description: Environment variables shared by all JobManager, TaskManager - and job containers. - items: - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - description: Specifies the output format of the exposed - resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - flinkProperties: - additionalProperties: - type: string - description: Flink properties which are appened to flink-conf.yaml. - type: object - gcpConfig: - description: Config for GCP. - properties: - serviceAccount: - description: GCP service account. - properties: - keyFile: - description: The name of the service account key file. - type: string - mountPath: - description: The path where to mount the Volume of the Secret. - type: string - secretName: - description: The name of the Secret holding the GCP service - account key file. The Secret must be in the same namespace - as the FlinkCluster. - type: string - type: object - type: object - hadoopConfig: - description: Config for Hadoop. - properties: - configMapName: - description: The name of the ConfigMap which contains the Hadoop - config files. The ConfigMap must be in the same namespace as the - FlinkCluster. - type: string - mountPath: - description: The path where to mount the Volume of the ConfigMap. - type: string - type: object - image: - description: Flink image spec for the cluster's components. - properties: - name: - description: Flink image name. - type: string - pullPolicy: - description: Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. - type: string - pullSecrets: - description: Secrets for image pull. - items: - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: array - required: - - name - type: object - job: - description: (Optional) Job spec. If specified, this cluster is an ephemeral - Job Cluster, which will be automatically terminated after the job - finishes; otherwise, it is a long-running Session Cluster. - properties: - allowNonRestoredState: - description: 'Allow non-restored state, default: false.' - type: boolean - args: - description: Args of the job. - items: - type: string - type: array - autoSavepointSeconds: - description: Automatically take a savepoint to the `savepointsDir` - every n seconds. - format: int32 - type: integer - cancelRequested: - description: Request the job to be cancelled. Only applies to running - jobs. If `savePointsDir` is provided, a savepoint will be taken - before stopping the job. - type: boolean - className: - description: Fully qualified Java class name of the job. - type: string - cleanupPolicy: - description: The action to take after job finishes. - properties: - afterJobCancelled: - description: Action to take after job is cancelled. - type: string - afterJobFails: - description: Action to take after job fails. - type: string - afterJobSucceeds: - description: Action to take after job succeeds. - type: string - type: object - fromSavepoint: - description: FromSavepoint where to restore the job from (e.g., - gs://my-savepoint/1234). - type: string - initContainers: - description: 'Init containers of the Job pod. A typical use case - could be using an init container to download a remote job jar - to a local path which is referenced by the `jarFile` property. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - items: - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. - items: - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period. Other management of the container blocks - until the hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - items: - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < - 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port - to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x - < 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or - SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever is - smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default is - false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to - be used by the container. This is a beta feature. - items: - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - properties: - mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves - similarly to SubPath but environment variable references - $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - jarFile: - description: JAR file of the job. - type: string - noLoggingToStdout: - description: 'No logging output to STDOUT, default: false.' - type: boolean - parallelism: - description: 'Job parallelism, default: 1.' - format: int32 - type: integer - restartPolicy: - description: "Restart policy when the job fails, \"Never\" or \"FromSavepointOnFailure\", - default: \"Never\". \n \"Never\" means the operator will never - try to restart a failed job, manual cleanup and restart is required. - \n \"FromSavepointOnFailure\" means the operator will try to restart - the failed job from the savepoint recorded in the job status if - available; otherwise, the job will stay in failed state. This - option is usually used together with `autoSavepointSeconds` and - `savepointsDir`." - type: string - savepointGeneration: - description: Update this field to `jobStatus.savepointGeneration - + 1` for a running job cluster to trigger a new savepoint to `savepointsDir` - on demand. - format: int32 - type: integer - savepointsDir: - description: Savepoints dir where to store savepoints of the job. - type: string - volumeMounts: - description: 'Volume mounts in the Job container. More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - volumes: - description: 'Volumes in the Job pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per - storage account Managed: azure managed data disk (only - in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume in - cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the ConfigMap, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's keys - must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to - the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for - this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to pass - to the plugin scripts. This may be empty if no secret - object is specified. If the secret object contains more - than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> - name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir - into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - targetPortal - - iqn - - lun - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - server - - path - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - properties: - configMap: - description: information about the configMap data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to - project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if the - token is older than 80 percent of its time - to live or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as host:port - pair (multiple entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in - the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on - the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. Default - is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - monitors - - image - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not - provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - system - - secretRef - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or it's keys must - be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name - to override the default behaviour. Set to "default" - if you are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - jarFile - - restartPolicy - type: object - jobManager: - description: Flink JobManager spec. - properties: - accessScope: - description: Access scope, enum("Cluster", "VPC", "External"). - type: string - ingress: - description: (Optional) Ingress. - properties: - annotations: - additionalProperties: - type: string - description: Ingress annotations. - type: object - hostFormat: - description: Ingress host format. ex) clusterName.example.com - type: string - tlsSecretName: - description: TLS secret name. - type: string - useTls: - description: TLS use. - type: boolean - type: object - memoryOffHeapMin: - description: 'Minimum amount of off-heap memory in containers, as - a safety margin to avoid OOM kill, default: 600M You can express - this value like 600M, 572Mi and 600e6 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory' - type: string - memoryOffHeapRatio: - description: 'Percentage of off-heap memory in containers, as a - safety margin to avoid OOM kill, default: 25' - format: int32 - type: integer - nodeSelector: - additionalProperties: - type: string - description: 'Selector which must match a node''s labels for the - JobManager pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - ports: - description: Ports. - properties: - blob: - description: 'Blob port, default: 6124.' - format: int32 - type: integer - query: - description: 'Query port, default: 6125.' - format: int32 - type: integer - rpc: - description: 'RPC port, default: 6123.' - format: int32 - type: integer - ui: - description: 'UI port, default: 8081.' - format: int32 - type: integer - type: object - replicas: - description: The number of replicas. - format: int32 - type: integer - resources: - description: 'Compute resources required by each JobManager container. - If omitted, a default value will be used. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - sidecars: - description: Sidecar containers running alongside with the JobManager - container in the pod. - items: - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. - items: - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period. Other management of the container blocks - until the hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - items: - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < - 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port - to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x - < 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or - SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever is - smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default is - false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to - be used by the container. This is a beta feature. - items: - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - properties: - mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves - similarly to SubPath but environment variable references - $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - volumeMounts: - description: Volume mounts in the JobManager container. - items: - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - volumes: - description: Volumes in the JobManager pod. - items: - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per - storage account Managed: azure managed data disk (only - in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume in - cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the ConfigMap, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's keys - must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to - the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for - this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to pass - to the plugin scripts. This may be empty if no secret - object is specified. If the secret object contains more - than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> - name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir - into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - targetPortal - - iqn - - lun - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - server - - path - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - properties: - configMap: - description: information about the configMap data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to - project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if the - token is older than 80 percent of its time - to live or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as host:port - pair (multiple entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in - the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on - the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. Default - is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - monitors - - image - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not - provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - system - - secretRef - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or it's keys must - be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name - to override the default behaviour. Set to "default" - if you are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - accessScope - type: object - taskManager: - description: Flink TaskManager spec. - properties: - memoryOffHeapMin: - description: 'Minimum amount of off-heap memory in containers, as - a safety margin to avoid OOM kill, default: 600M You can express - this value like 600M, 572Mi and 600e6 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory' - type: string - memoryOffHeapRatio: - description: 'Percentage of off-heap memory in containers, as a - safety margin to avoid OOM kill, default: 25' - format: int32 - type: integer - nodeSelector: - additionalProperties: - type: string - description: 'Selector which must match a node''s labels for the - TaskManager pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - ports: - description: Ports. - properties: - data: - description: 'Data port, default: 6121.' - format: int32 - type: integer - query: - description: Query port. - format: int32 - type: integer - rpc: - description: 'RPC port, default: 6122.' - format: int32 - type: integer - type: object - replicas: - description: The number of replicas. - format: int32 - type: integer - resources: - description: 'Compute resources required by each TaskManager container. - If omitted, a default value will be used. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - sidecars: - description: Sidecar containers running alongside with the TaskManager - container in the pod. - items: - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be updated. - items: - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a - container is created. If the handler fails, the container - is terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period. Other management of the container blocks - until the hook completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory - for the command is root ('/') in the container's - filesystem. The command is simply exec'd, it - is not run inside a shell, so traditional shell - instructions ('|', etc) won't work. To use a - shell, you need to explicitly call out to that - shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - items: - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < - 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port - to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x - < 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or - SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag - will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever is - smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default is - false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to - be used by the container. This is a beta feature. - items: - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - properties: - mountPath: - description: Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves - similarly to SubPath but environment variable references - $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - volumeMounts: - description: 'Volume mounts in the TaskManager containers. More - info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is alpha in 1.14. - type: string - required: - - name - - mountPath - type: object - type: array - volumes: - description: 'Volumes in the TaskManager pods. More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per - storage account Managed: azure managed data disk (only - in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. More - info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume in - cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the ConfigMap, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's keys - must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to - the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for - this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to pass - to the plugin scripts. This may be empty if no secret - object is specified. If the secret object contains more - than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> - name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir - into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - targetPortal - - iqn - - lun - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - server - - path - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - properties: - configMap: - description: information about the configMap data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - it's keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to - project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if the - token is older than 80 percent of its time - to live or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as host:port - pair (multiple entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in - the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on - the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. Default - is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - monitors - - image - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not - provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - system - - secretRef - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - items: - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or it's keys must - be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name - to override the default behaviour. Set to "default" - if you are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - replicas - type: object - required: - - image - - jobManager - - taskManager - type: object - status: - properties: - components: - description: The status of the components. - properties: - configMap: - description: The state of configMap. - properties: - name: - description: The resource name of the component. - type: string - state: - description: The state of the component. - type: string - required: - - name - - state - type: object - job: - description: The status of the job, available only when JobSpec - is provided. - properties: - fromSavepoint: - description: The actual savepoint from which this job started. - In case of restart, it might be different from the savepoint - in the job spec. - type: string - id: - description: The ID of the Flink job. - type: string - lastSavepointTime: - description: Last successful or failed savepoint operation timestamp. - type: string - lastSavepointTriggerID: - description: Last savepoint trigger ID. - type: string - name: - description: The name of the Kubernetes job resource. - type: string - restartCount: - description: The number of restarts. - format: int32 - type: integer - savepointGeneration: - description: The generation of the savepoint in `savepointsDir` - taken by the operator. The value starts from 0 when there - is no savepoint and increases by 1 for each successful savepoint. - format: int32 - type: integer - savepointLocation: - description: Savepoint location. - type: string - state: - description: The state of the Kubernetes job. - type: string - required: - - name - - id - - state - type: object - jobManagerDeployment: - description: The state of JobManager deployment. - properties: - name: - description: The resource name of the component. - type: string - state: - description: The state of the component. - type: string - required: - - name - - state - type: object - jobManagerIngress: - description: The state of JobManager ingress. - properties: - name: - description: The name of the Kubernetes ingress resource. - type: string - state: - description: The state of the component. - type: string - urls: - description: The URLs of ingress. - items: - type: string - type: array - required: - - name - - state - type: object - jobManagerService: - description: The state of JobManager service. - properties: - name: - description: The name of the Kubernetes jobManager service. - type: string - nodePort: - description: (Optional) The node port, present when `accessScope` - is `NodePort`. - format: int32 - type: integer - state: - description: The state of the component. - type: string - required: - - name - - state - type: object - taskManagerDeployment: - description: The state of TaskManager deployment. - properties: - name: - description: The resource name of the component. - type: string - state: - description: The state of the component. - type: string - required: - - name - - state - type: object - required: - - configMap - - jobManagerDeployment - - jobManagerService - - taskManagerDeployment - type: object - control: - description: The status of control requested by user - properties: - details: - additionalProperties: - type: string - description: Control data - type: object - message: - description: Message - type: string - name: - description: Control name - type: string - state: - description: State - type: string - updateTime: - description: State update time - type: string - required: - - name - - state - - updateTime - type: object - lastUpdateTime: - description: Last update timestamp for this status. - type: string - state: - description: The overall state of the Flink cluster. - type: string - required: - - state - - components - type: object - required: - - spec - type: object - versions: - - name: v1beta1 - served: true - storage: true diff --git a/contrib/flink/flink-operator/base/deployment.yaml b/contrib/flink/flink-operator/base/deployment.yaml deleted file mode 100644 index fbd290eaa3..0000000000 --- a/contrib/flink/flink-operator/base/deployment.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: flink-operator - control-plane: controller-manager - name: flink-operator-controller-manager - namespace: kubeflow -spec: - replicas: 1 - selector: - matchLabels: - app: flink-operator - control-plane: controller-manager - template: - metadata: - labels: - app: flink-operator - control-plane: controller-manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - - args: - - --metrics-addr=127.0.0.1:8080 - - --watch-namespace= - command: - - /flink-operator - image: gcr.io/flink-operator/flink-operator:latest - name: flink-operator - ports: - - containerPort: 443 - name: webhook-server - protocol: TCP - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - terminationGracePeriodSeconds: 10 - serviceAccountName: flink-operator-sa - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/contrib/flink/flink-operator/base/kustomization.yaml b/contrib/flink/flink-operator/base/kustomization.yaml deleted file mode 100644 index f4c04bcde3..0000000000 --- a/contrib/flink/flink-operator/base/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ -kind: Kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -commonLabels: - app.kubernetes.io/name: flinkoperator - kustomize.component: flink-operator -images: -- name: gcr.io/flink-operator/flink-operator - newName: gcr.io/flink-operator/flink-operator - newTag: v1beta1-6 -namespace: kubeflow -resources: -- crd.yaml -- configmap.yaml -- deployment.yaml -- service.yaml -- service-account.yaml -- cluster-role.yaml -- cluster-role-binding.yaml -- leader-election-role.yaml -- leader-election-role-binding.yaml -- setup-job.yaml -- webhook.yaml diff --git a/contrib/flink/flink-operator/base/leader-election-role-binding.yaml b/contrib/flink/flink-operator/base/leader-election-role-binding.yaml deleted file mode 100644 index 7cf69bd4f2..0000000000 --- a/contrib/flink/flink-operator/base/leader-election-role-binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: flink-operator-leader-election-rolebinding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flink-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: flink-operator-sa - namespace: kubeflow diff --git a/contrib/flink/flink-operator/base/leader-election-role.yaml b/contrib/flink/flink-operator/base/leader-election-role.yaml deleted file mode 100644 index 25773514e1..0000000000 --- a/contrib/flink/flink-operator/base/leader-election-role.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: flink-operator-leader-election-role - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch - diff --git a/contrib/flink/flink-operator/base/service-account.yaml b/contrib/flink/flink-operator/base/service-account.yaml deleted file mode 100644 index 00767454be..0000000000 --- a/contrib/flink/flink-operator/base/service-account.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Source: flink-operator/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flink-operator-sa - namespace: kubeflow diff --git a/contrib/flink/flink-operator/base/service.yaml b/contrib/flink/flink-operator/base/service.yaml deleted file mode 100644 index 858e1c0f12..0000000000 --- a/contrib/flink/flink-operator/base/service.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" - labels: - control-plane: controller-manager - name: flink-operator-controller-manager-metrics-service - namespace: kubeflow -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: v1 -kind: Service -metadata: - name: flink-operator-webhook-service - namespace: kubeflow -spec: - ports: - - port: 443 - targetPort: 443 - selector: - control-plane: controller-manager diff --git a/contrib/flink/flink-operator/base/setup-job.yaml b/contrib/flink/flink-operator/base/setup-job.yaml deleted file mode 100644 index 613d62bf02..0000000000 --- a/contrib/flink/flink-operator/base/setup-job.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Source: flink-operator/templates/generate-cert.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: cert-job - namespace: kubeflow - labels: - app.kubernetes.io/name: flink-operator - app.kubernetes.io/component: cert-job -spec: - ttlSecondsAfterFinished: 300 - backoffLimit: 0 - completions: 1 - parallelism: 1 - template: - spec: - containers: - - command: - - "/bin/bash" - - "-ec" - - | - ls /cert_to_create - for cert in /cert_to_create/*; - do - bash $cert; - done - image: gcr.io/flink-operator/deployer:webhook-cert - imagePullPolicy: Always - name: create-cert - volumeMounts: - - name: cert-configmap - mountPath: "/cert_to_create/" - - name: webhook-configmap - mountPath: "/webhook_to_create/" - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccountName: flink-operator-sa - volumes: - - name: cert-configmap - configMap: - name: cert-configmap - - name: webhook-configmap - configMap: - name: webhook-configmap diff --git a/contrib/flink/flink-operator/base/webhook.yaml b/contrib/flink/flink-operator/base/webhook.yaml deleted file mode 100644 index 8939c2b9fc..0000000000 --- a/contrib/flink/flink-operator/base/webhook.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: flink-operator-mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: flink-operator-webhook-service - namespace: kubeflow - path: /mutate-flinkoperator-k8s-io-v1beta1-flinkcluster - failurePolicy: Fail - name: mflinkcluster.flinkoperator.k8s.io - rules: - - apiGroups: - - flinkoperator.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - flinkclusters ---- -# Source: flink-operator/templates/flink-operator.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: flink-operator-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: flink-operator-webhook-service - namespace: kubeflow - path: /validate-flinkoperator-k8s-io-v1beta1-flinkcluster - failurePolicy: Fail - name: vflinkcluster.flinkoperator.k8s.io - rules: - - apiGroups: - - flinkoperator.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - flinkclusters diff --git a/contrib/flink/flink-operator/overlay/application/application.yaml b/contrib/flink/flink-operator/overlay/application/application.yaml deleted file mode 100644 index 1dd96db90c..0000000000 --- a/contrib/flink/flink-operator/overlay/application/application.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: flink-operator -spec: - selector: - matchLabels: - app.kubernetes.io/name: flinkoperator - app.kubernetes.io/instance: flink-operator-v1.1.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: flink-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.1.0 - componentKinds: - - group: core - kind: Service - - group: apps - kind: Deployment - - group: core - kind: ConfigMap - - group: core - kind: ServiceAccount - - group: flinkoperator.k8s.io - kind: FlinkCluster - descriptor: - type: "flink-operator" - version: "v1beta1" - description: "Flink Operator allows users to create and manage the \"FlinkCluster\" custom resource." - maintainers: - - name: Jiaxin Shan - email: seedjeffwan@gmail.com - owners: - - name: Jiaxin Shan - email: seedjeffwan@gmail.com - keywords: - - "flink" - - "beam" - addOwnerRef: true diff --git a/contrib/flink/flink-operator/overlay/application/kustomization.yaml b/contrib/flink/flink-operator/overlay/application/kustomization.yaml deleted file mode 100644 index 63222abc76..0000000000 --- a/contrib/flink/flink-operator/overlay/application/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -commonLabels: - app.kubernetes.io/component: flink-operator - app.kubernetes.io/name: flinkoperator -kind: Kustomization -resources: -- application.yaml From 92d51adec10feca19f71d3bdccfc220670662871 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:10:14 -0400 Subject: [PATCH 07/12] Remove /contrib/gatekeeper Signed-off-by: Anna Jung (VMware) --- contrib/gatekeeper/README.md | 67 ------------------- contrib/gatekeeper/constraint-template.yaml | 40 ----------- .../gatekeeper/ns-required-annotations.yaml | 15 ----- 3 files changed, 122 deletions(-) delete mode 100644 contrib/gatekeeper/README.md delete mode 100644 contrib/gatekeeper/constraint-template.yaml delete mode 100644 contrib/gatekeeper/ns-required-annotations.yaml diff --git a/contrib/gatekeeper/README.md b/contrib/gatekeeper/README.md deleted file mode 100644 index 776ded7141..0000000000 --- a/contrib/gatekeeper/README.md +++ /dev/null @@ -1,67 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). - - -# Gatekeeper and Kubeflow - -[Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is a validating webhook for Kubernetes that enforces CRD-based access control policies. -In Kubeflow, we use Gatekeeper to restrict controllers to their own namespaces. The details can be found [here](https://bit.ly/2yJeU5u). - -## Installation - -1. Follow the instructions [here](https://github.com/open-policy-agent/gatekeeper#deploying-a-release-using-prebuilt-image) to install Gatekeeper controller. - -1. Apply the constraint template in this directory: -``` -kubectl apply -f constraint-template.yaml -``` - -## Configuration - -1. In order to configure contraints for your controllers, edit the `ns-required-annotations.yaml` file. -```yaml - # Fill in the service account name - usernames: ["system:serviceaccount:(NAMESPACE):(SERVICEACCOUNT)"] - # Replace with your own labels - annotations: ["kubeflow-admins", "kubeflow-users"] -``` - * Under `usernames`, enter the names of the service accounts used to deploy Kubeflow resources. - * Under `annotations`, enter your own label names. - -2. Deploy the constraint: -``` -kubectl apply -f ns-required-annotations.yaml -``` - -## Usage - -The constraint is now enabled. You can test that the constraint is working by creating a namespace without the required labels: -```yaml -apiVersion: v1 -kind: Namespace -metadata: - name: kubeflow -``` - -Then try to create any resource under this namespace using one of the restricted users' credentials. This should result in an access violation: - -``` -Missing labels for user SERVICEACCOUNT namespace kubeflow: Required one of labels: ["kubeflow-admins", "kubeflow-users"] Actual labels: None -``` - -Now add the required labels to the namespace: -```yaml -apiVersion: v1 -kind: Namespace -metadata: - name: kubeflow - annotations: - category: kubeflow-admins -``` - -Then try to create the same source again, and it should work. diff --git a/contrib/gatekeeper/constraint-template.yaml b/contrib/gatekeeper/constraint-template.yaml deleted file mode 100644 index 3cb15f60d3..0000000000 --- a/contrib/gatekeeper/constraint-template.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1alpha1 -kind: ConstraintTemplate -metadata: - name: requiredannotations -spec: - crd: - spec: - names: - kind: RequiredAnnotations - listKind: RequiredAnnotationsList - plural: requiredannotations - singular: requiredannotations - validation: - # Schema for the `parameters` field - openAPIV3Schema: - properties: - labels: - type: array - items: string - targets: - - target: admission.k8s.gatekeeper.sh - rego: | - package requiredannotations - - violation[{"msg": msg, "details": {"Invalid namespace": ns}}] { - # Check if the actual user is one of the restricted_users - actual_user := {input.review.userInfo.username} - restricted_users := {username | username := input.constraint.spec.parameters.usernames[_]} - - # Check if the namespace is annotated with the required labels - ns := input.review.object.metadata.namespace - real_ns := data.inventory.cluster.v1.Namespace[ns] - actual := {annotation | annotation := real_ns.metadata.annotations["category"]} - required := {annotation | annotation := input.constraint.spec.parameters.annotations[_]} - - count(actual_user - restricted_users) == 0 - count(required & actual) == 0 - - msg := sprintf("Missing labels for username %v namespace %v: Required one of labels: %v Actual labels: %v", [actual_user, ns, required, actual]) - } diff --git a/contrib/gatekeeper/ns-required-annotations.yaml b/contrib/gatekeeper/ns-required-annotations.yaml deleted file mode 100644 index 2c196dd471..0000000000 --- a/contrib/gatekeeper/ns-required-annotations.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: constraints.gatekeeper.sh/v1alpha1 -kind: RequiredAnnotations -metadata: - name: ns-required-annotations -spec: - match: - # Policy applies to all resources - kinds: - - apiGroups: ["*"] - kinds: ["*"] - parameters: - # Fill in the service account name - usernames: ["system:serviceaccount:(NAMESPACE):(SERVICEACCOUNT)"] - # Replace with your own labels - annotations: ["kubeflow-admins", "kubeflow-users"] From f5958b866c2f76eafd3efa2c708a2c5ab46ed7fd Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:10:37 -0400 Subject: [PATCH 08/12] Remove /contrib/modeldb Signed-off-by: Anna Jung (VMware) --- contrib/modeldb/README.md | 7 ---- .../base/artifact-store-deployment.yaml | 39 ------------------ .../modeldb/base/artifact-store-service.yaml | 14 ------- contrib/modeldb/base/backend-deployment.yaml | 38 ------------------ .../modeldb/base/backend-proxy-service.yaml | 14 ------- contrib/modeldb/base/backend-service.yaml | 13 ------ contrib/modeldb/base/configmap.yaml | 17 -------- contrib/modeldb/base/kustomization.yaml | 35 ---------------- .../base/mysql-backend-deployment.yaml | 39 ------------------ contrib/modeldb/base/mysql-service.yaml | 14 ------- .../modeldb/base/persistent-volume-claim.yaml | 12 ------ contrib/modeldb/base/proxy-deployment.yaml | 36 ----------------- contrib/modeldb/base/secret.yaml | 40 ------------------- contrib/modeldb/base/webapp-deplyment.yaml | 27 ------------- contrib/modeldb/base/webapp-service.yaml | 14 ------- 15 files changed, 359 deletions(-) delete mode 100644 contrib/modeldb/README.md delete mode 100644 contrib/modeldb/base/artifact-store-deployment.yaml delete mode 100644 contrib/modeldb/base/artifact-store-service.yaml delete mode 100644 contrib/modeldb/base/backend-deployment.yaml delete mode 100644 contrib/modeldb/base/backend-proxy-service.yaml delete mode 100644 contrib/modeldb/base/backend-service.yaml delete mode 100644 contrib/modeldb/base/configmap.yaml delete mode 100644 contrib/modeldb/base/kustomization.yaml delete mode 100644 contrib/modeldb/base/mysql-backend-deployment.yaml delete mode 100644 contrib/modeldb/base/mysql-service.yaml delete mode 100644 contrib/modeldb/base/persistent-volume-claim.yaml delete mode 100644 contrib/modeldb/base/proxy-deployment.yaml delete mode 100644 contrib/modeldb/base/secret.yaml delete mode 100644 contrib/modeldb/base/webapp-deplyment.yaml delete mode 100644 contrib/modeldb/base/webapp-service.yaml diff --git a/contrib/modeldb/README.md b/contrib/modeldb/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/modeldb/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/modeldb/base/artifact-store-deployment.yaml b/contrib/modeldb/base/artifact-store-deployment.yaml deleted file mode 100644 index cf66617264..0000000000 --- a/contrib/modeldb/base/artifact-store-deployment.yaml +++ /dev/null @@ -1,39 +0,0 @@ - -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: modeldb - name: modeldb-artifact-store -spec: - selector: - matchLabels: - app: modeldb - tier: artifact-store - strategy: - type: Recreate - template: - metadata: - labels: - app: modeldb - tier: artifact-store - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - env: - - name: VERTA_ARTIFACT_CONFIG - value: /config/config.yaml - image: vertaaiofficial/modeldb-artifact-store:kubeflow - imagePullPolicy: Always - name: modeldb-artifact-store - ports: - - containerPort: 8086 - volumeMounts: - - mountPath: /config - name: modeldb-artifact-store-config - readOnly: true - volumes: - - configMap: - name: modeldb-artifact-store-config - name: modeldb-artifact-store-config diff --git a/contrib/modeldb/base/artifact-store-service.yaml b/contrib/modeldb/base/artifact-store-service.yaml deleted file mode 100644 index 35e591f8bb..0000000000 --- a/contrib/modeldb/base/artifact-store-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: modeldb - name: modeldb-artifact-store -spec: - ports: - - port: 8086 - targetPort: 8086 - selector: - app: modeldb - tier: artifact-store - type: ClusterIP diff --git a/contrib/modeldb/base/backend-deployment.yaml b/contrib/modeldb/base/backend-deployment.yaml deleted file mode 100644 index 361562b628..0000000000 --- a/contrib/modeldb/base/backend-deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: modeldb - name: modeldb-backend -spec: - selector: - matchLabels: - app: modeldb - tier: backend - strategy: - type: Recreate - template: - metadata: - labels: - app: modeldb - tier: backend - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - env: - - name: VERTA_MODELDB_CONFIG - value: /config-backend/config.yaml - image: vertaaiofficial/modeldb-backend:kubeflow - imagePullPolicy: Always - name: modeldb-backend - ports: - - containerPort: 8085 - volumeMounts: - - mountPath: /config-backend - name: modeldb-backend-secret-volume - readOnly: true - volumes: - - name: modeldb-backend-secret-volume - secret: - secretName: modeldb-backend-config-secret diff --git a/contrib/modeldb/base/backend-proxy-service.yaml b/contrib/modeldb/base/backend-proxy-service.yaml deleted file mode 100644 index 20ed7bb52b..0000000000 --- a/contrib/modeldb/base/backend-proxy-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: modeldb - name: modeldb-backend-proxy -spec: - ports: - - port: 8080 - targetPort: 8080 - selector: - app: modeldb - tier: backend-proxy - type: LoadBalancer diff --git a/contrib/modeldb/base/backend-service.yaml b/contrib/modeldb/base/backend-service.yaml deleted file mode 100644 index 8a7e25a0bc..0000000000 --- a/contrib/modeldb/base/backend-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: modeldb - name: modeldb-backend -spec: - ports: - - port: 8085 - selector: - app: modeldb - tier: backend - type: LoadBalancer diff --git a/contrib/modeldb/base/configmap.yaml b/contrib/modeldb/base/configmap.yaml deleted file mode 100644 index d9a11347a6..0000000000 --- a/contrib/modeldb/base/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -data: - config.yaml: |- - #ArtifactStore Properties - artifactStore_grpcServer: - port: 8086 - - artifactStoreConfig: - initializeBuckets: false - storageTypeName: amazonS3 #amazonS3, googleCloudStorage, nfs - #nfsRootPath: /path/to/my/nfs/storage/location - bucket_names: - - artifactstoredemo -kind: ConfigMap -metadata: - name: modeldb-artifact-store-config -type: Opaque diff --git a/contrib/modeldb/base/kustomization.yaml b/contrib/modeldb/base/kustomization.yaml deleted file mode 100644 index e7004fd075..0000000000 --- a/contrib/modeldb/base/kustomization.yaml +++ /dev/null @@ -1,35 +0,0 @@ -namePrefix: modeldb- - -resources: -- artifact-store-deployment.yaml -- artifact-store-service.yaml -- backend-deployment.yaml -- backend-proxy-service.yaml -- backend-service.yaml -- configmap.yaml -- mysql-backend-deployment.yaml -- mysql-service.yaml -- persistent-volume-claim.yaml -- proxy-deployment.yaml -- secret.yaml -- webapp-deplyment.yaml -- webapp-service.yaml - -commonLabels: - kustomize.component: modeldb -images: -- name: vertaaiofficial/modeldb-frontend - newName: vertaaiofficial/modeldb-frontend - newTag: kubeflow -- name: vertaaiofficial/modeldb-backend - newName: vertaaiofficial/modeldb-backend - newTag: kubeflow -- name: vertaaiofficial/modeldb-artifact-store - newName: vertaaiofficial/modeldb-artifact-store - newTag: kubeflow -- name: mysql - newName: mysql - newTag: '5.7' -- name: vertaaiofficial/modeldb-backend-proxy - newName: vertaaiofficial/modeldb-backend-proxy - newTag: kubeflow diff --git a/contrib/modeldb/base/mysql-backend-deployment.yaml b/contrib/modeldb/base/mysql-backend-deployment.yaml deleted file mode 100644 index 875c0cdb07..0000000000 --- a/contrib/modeldb/base/mysql-backend-deployment.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: modeldb - name: modeldb-mysql-backend -spec: - selector: - matchLabels: - app: modeldb - tier: mysql - strategy: - type: Recreate - template: - metadata: - labels: - app: modeldb - tier: mysql - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - --ignore-db-dir=lost+found - env: - - name: MYSQL_ROOT_PASSWORD - value: root - image: mysql:5.7 - imagePullPolicy: Always - name: modeldb-mysql-backend - ports: - - containerPort: 3306 - volumeMounts: - - mountPath: /var/lib/mysql - name: modeldb-mysql-persistent-storage - volumes: - - name: modeldb-mysql-persistent-storage - persistentVolumeClaim: - claimName: modeldb-mysql-pv-claim diff --git a/contrib/modeldb/base/mysql-service.yaml b/contrib/modeldb/base/mysql-service.yaml deleted file mode 100644 index 70558e8cd2..0000000000 --- a/contrib/modeldb/base/mysql-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: modeldb - name: modeldb-mysql-backend -spec: - ports: - - port: 3306 - targetPort: 3306 - selector: - app: modeldb - tier: mysql - type: ClusterIP diff --git a/contrib/modeldb/base/persistent-volume-claim.yaml b/contrib/modeldb/base/persistent-volume-claim.yaml deleted file mode 100644 index d7bfea86c5..0000000000 --- a/contrib/modeldb/base/persistent-volume-claim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app: modeldb - name: modeldb-mysql-pv-claim -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi diff --git a/contrib/modeldb/base/proxy-deployment.yaml b/contrib/modeldb/base/proxy-deployment.yaml deleted file mode 100644 index 30d583944e..0000000000 --- a/contrib/modeldb/base/proxy-deployment.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: modeldb - name: modeldb-backend-proxy -spec: - selector: - matchLabels: - app: modeldb - tier: backend-proxy - strategy: - type: Recreate - template: - metadata: - labels: - app: modeldb - tier: backend-proxy - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - -project_endpoint - - modeldb-backend:8085 - - -experiment_endpoint - - modeldb-backend:8085 - - -experiment_run_endpoint - - modeldb-backend:8085 - command: - - /go/bin/proxy - image: vertaaiofficial/modeldb-backend-proxy:kubeflow - imagePullPolicy: Always - name: modeldb-backend-proxy - ports: - - containerPort: 8080 diff --git a/contrib/modeldb/base/secret.yaml b/contrib/modeldb/base/secret.yaml deleted file mode 100644 index 086b5259e1..0000000000 --- a/contrib/modeldb/base/secret.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: modeldb-backend-config-secret -stringData: - config.yaml: |- - #ModelDB Properties - grpcServer: - port: 8085 - - #Entity name list - entities: - projectEntity: Project - experimentEntity: Experiment - experimentRunEntity: ExperimentRun - artifactStoreMappingEntity: ArtifactStoreMapping - jobEntity: Job - collaboratorEntity: Collaborator - - # Database settings (type mysql, mongodb, couchbasedb etc..) - database: - DBType: rdbms - RdbConfiguration: - RdbDatabaseName: modeldb - RdbDriver: "com.mysql.cj.jdbc.Driver" - RdbDialect: "org.hibernate.dialect.MySQL5Dialect" - RdbUrl: "jdbc:mysql://modeldb-mysql-backend:3306" - RdbUsername: root - RdbPassword: root - - #ArtifactStore Properties - artifactStore_grpcServer: - host: artifact-store-backend - port: 8086 - - #AuthService Properties - authService: - host: #uacservice # Docker container name OR docker IP - port: #50051 -type: Opaque diff --git a/contrib/modeldb/base/webapp-deplyment.yaml b/contrib/modeldb/base/webapp-deplyment.yaml deleted file mode 100644 index bf01fc6d5b..0000000000 --- a/contrib/modeldb/base/webapp-deplyment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: modeldb - name: modeldb-webapp -spec: - selector: - matchLabels: - app: modeldb - tier: webapp - strategy: - type: Recreate - template: - metadata: - labels: - app: modeldb - tier: webapp - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - image: vertaaiofficial/modeldb-frontend:kubeflow - imagePullPolicy: Always - name: modeldb-webapp - ports: - - containerPort: 3000 diff --git a/contrib/modeldb/base/webapp-service.yaml b/contrib/modeldb/base/webapp-service.yaml deleted file mode 100644 index 2ef6718181..0000000000 --- a/contrib/modeldb/base/webapp-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: modeldb - name: modeldb-webapp -spec: - ports: - - port: 80 - targetPort: 3000 - selector: - app: modeldb - tier: webapp - type: LoadBalancer From 2301690df3c41d6a4cb864a9e5ff201d65e19ae0 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:10:57 -0400 Subject: [PATCH 09/12] Remove /contrib/spark Signed-off-by: Anna Jung (VMware) --- contrib/spark/OWNERS | 3 - .../spark-operator/base/Kube-descriptor.yaml | 12 - .../spark-operator/base/cr-clusterrole.yaml | 72 - contrib/spark/spark-operator/base/crb.yaml | 11 - contrib/spark/spark-operator/base/deploy.yaml | 44 - .../spark-operator/base/kustomization.yaml | 21 - .../spark-operator/base/operator-sa.yaml | 4 - contrib/spark/spark-operator/base/role.yaml | 18 - .../spark-operator/base/rolebinding.yaml | 12 - ...applications.sparkoperator.k8s.io-crd.yaml | 2546 ----------------- .../spark/spark-operator/base/spark-sa.yaml | 5 - ...applications.sparkoperator.k8s.io-crd.yaml | 2528 ---------------- .../overlays/application/application.yaml | 37 - .../overlays/application/kustomization.yaml | 9 - 14 files changed, 5322 deletions(-) delete mode 100644 contrib/spark/OWNERS delete mode 100644 contrib/spark/spark-operator/base/Kube-descriptor.yaml delete mode 100644 contrib/spark/spark-operator/base/cr-clusterrole.yaml delete mode 100644 contrib/spark/spark-operator/base/crb.yaml delete mode 100644 contrib/spark/spark-operator/base/deploy.yaml delete mode 100644 contrib/spark/spark-operator/base/kustomization.yaml delete mode 100644 contrib/spark/spark-operator/base/operator-sa.yaml delete mode 100644 contrib/spark/spark-operator/base/role.yaml delete mode 100644 contrib/spark/spark-operator/base/rolebinding.yaml delete mode 100644 contrib/spark/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml delete mode 100644 contrib/spark/spark-operator/base/spark-sa.yaml delete mode 100644 contrib/spark/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml delete mode 100644 contrib/spark/spark-operator/overlays/application/application.yaml delete mode 100644 contrib/spark/spark-operator/overlays/application/kustomization.yaml diff --git a/contrib/spark/OWNERS b/contrib/spark/OWNERS deleted file mode 100644 index 18061f9d08..0000000000 --- a/contrib/spark/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -approvers: - - holdenk - - Jeffwan diff --git a/contrib/spark/spark-operator/base/Kube-descriptor.yaml b/contrib/spark/spark-operator/base/Kube-descriptor.yaml deleted file mode 100644 index 7174effa26..0000000000 --- a/contrib/spark/spark-operator/base/Kube-descriptor.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -appVersion: v1beta2-1.1.0-2.4.5 -description: Spark operator based on https://github.com/GoogleCloudPlatform/spark-on-k8s-operator -home: https://github.com/kubeflow/manifests/spark-operator -keywords: -- spark -kubeVersion: '>=1.8.0-0' -maintainers: -- email: holden.karau@gmail.com - name: holdenk -name: sparkoperator -version: 0.4.0 diff --git a/contrib/spark/spark-operator/base/cr-clusterrole.yaml b/contrib/spark/spark-operator/base/cr-clusterrole.yaml deleted file mode 100644 index aa94476386..0000000000 --- a/contrib/spark/spark-operator/base/cr-clusterrole.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: operator-cr -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - '*' -- apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - create - - get - - delete - - update -- apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - get - - delete -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - get - - update - - delete -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - get - - update - - delete -- apiGroups: - - sparkoperator.k8s.io - resources: - - sparkapplications - - scheduledsparkapplications - - sparkapplications/status - - scheduledsparkapplications/status - verbs: - - '*' diff --git a/contrib/spark/spark-operator/base/crb.yaml b/contrib/spark/spark-operator/base/crb.yaml deleted file mode 100644 index 13ff66827a..0000000000 --- a/contrib/spark/spark-operator/base/crb.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: sparkoperator-crb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-cr -subjects: -- kind: ServiceAccount - name: operator-sa diff --git a/contrib/spark/spark-operator/base/deploy.yaml b/contrib/spark/spark-operator/base/deploy.yaml deleted file mode 100644 index 3e28da57f3..0000000000 --- a/contrib/spark/spark-operator/base/deploy.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: sparkoperator -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: sparkoperator - app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 - kustomize.component: spark-operator - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "10254" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - labels: - app.kubernetes.io/name: sparkoperator - app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 - kustomize.component: spark-operator - spec: - containers: - - args: - - -v=2 - - -namespace= - - -ingress-url-format= - - -controller-threads=10 - - -resync-interval=30 - - -logtostderr - - -enable-metrics=true - - -metrics-labels=app_type - - -metrics-port=10254 - - -metrics-endpoint=/metrics - - -metrics-prefix= - image: gcr.io/spark-operator/spark-operator:v1beta2-1.1.0-2.4.5 - imagePullPolicy: IfNotPresent - name: sparkoperator - ports: - - containerPort: 10254 - serviceAccountName: operator-sa diff --git a/contrib/spark/spark-operator/base/kustomization.yaml b/contrib/spark/spark-operator/base/kustomization.yaml deleted file mode 100644 index 50eb16bb3e..0000000000 --- a/contrib/spark/spark-operator/base/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -commonLabels: - app.kubernetes.io/name: sparkoperator - kustomize.component: spark-operator -images: -- name: gcr.io/spark-operator/spark-operator - newName: gcr.io/spark-operator/spark-operator - newTag: v1beta2-1.1.0-2.4.5 -kind: Kustomization -namePrefix: spark-operator -namespace: kubeflow -resources: -- spark-sa.yaml -- cr-clusterrole.yaml -- crb.yaml -- deploy.yaml -- operator-sa.yaml -- role.yaml -- rolebinding.yaml -- sparkapplications.sparkoperator.k8s.io-crd.yaml -- scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml diff --git a/contrib/spark/spark-operator/base/operator-sa.yaml b/contrib/spark/spark-operator/base/operator-sa.yaml deleted file mode 100644 index a0754ee50d..0000000000 --- a/contrib/spark/spark-operator/base/operator-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: operator-sa diff --git a/contrib/spark/spark-operator/base/role.yaml b/contrib/spark/spark-operator/base/role.yaml deleted file mode 100644 index b32b86ec65..0000000000 --- a/contrib/spark/spark-operator/base/role.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: spark-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - create - - delete - - deletecollection - - patch - - update diff --git a/contrib/spark/spark-operator/base/rolebinding.yaml b/contrib/spark/spark-operator/base/rolebinding.yaml deleted file mode 100644 index fc3ae1d7e1..0000000000 --- a/contrib/spark/spark-operator/base/rolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: spark-role-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: spark-role -subjects: -- kind: ServiceAccount - name: spark - diff --git a/contrib/spark/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml b/contrib/spark/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml deleted file mode 100644 index 7bcfba7719..0000000000 --- a/contrib/spark/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml +++ /dev/null @@ -1,2546 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: scheduledsparkapplications.sparkoperator.k8s.io -spec: - group: sparkoperator.k8s.io - names: - kind: ScheduledSparkApplication - listKind: ScheduledSparkApplicationList - plural: scheduledsparkapplications - shortNames: - - scheduledsparkapp - singular: scheduledsparkapplication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - concurrencyPolicy: - type: string - failedRunHistoryLimit: - format: int32 - type: integer - schedule: - type: string - successfulRunHistoryLimit: - format: int32 - type: integer - suspend: - type: boolean - template: - properties: - arguments: - items: - type: string - type: array - batchScheduler: - type: string - batchSchedulerOptions: - properties: - priorityClassName: - type: string - queue: - type: string - type: object - deps: - properties: - downloadTimeout: - format: int32 - minimum: 1 - type: integer - files: - items: - type: string - type: array - filesDownloadDir: - type: string - jars: - items: - type: string - type: array - jarsDownloadDir: - type: string - maxSimultaneousDownloads: - format: int32 - minimum: 1 - type: integer - pyFiles: - items: - type: string - type: array - type: object - driver: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: - type: string - cores: - format: int32 - minimum: 1 - type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - javaOptions: - type: string - labels: - additionalProperties: - type: string - type: object - memory: - type: string - memoryOverhead: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podName: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - schedulerName: - type: string - secrets: - items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object - type: array - securityContext: - properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - serviceAccount: - type: string - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - type: object - executor: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: - type: string - coreRequest: - type: string - cores: - format: int32 - minimum: 1 - type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - instances: - format: int32 - minimum: 1 - type: integer - javaOptions: - type: string - labels: - additionalProperties: - type: string - type: object - memory: - type: string - memoryOverhead: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - schedulerName: - type: string - secrets: - items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object - type: array - securityContext: - properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - type: object - failureRetries: - format: int32 - type: integer - hadoopConf: - additionalProperties: - type: string - type: object - hadoopConfigMap: - type: string - image: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - initContainerImage: - type: string - mainApplicationFile: - type: string - mainClass: - type: string - memoryOverheadFactor: - type: string - mode: - enum: - - cluster - - client - type: string - monitoring: - properties: - exposeDriverMetrics: - type: boolean - exposeExecutorMetrics: - type: boolean - metricsProperties: - type: string - prometheus: - properties: - configFile: - type: string - configuration: - type: string - jmxExporterJar: - type: string - port: - format: int32 - maximum: 49151 - minimum: 1024 - type: integer - required: - - jmxExporterJar - type: object - required: - - exposeDriverMetrics - - exposeExecutorMetrics - type: object - nodeSelector: - additionalProperties: - type: string - type: object - pythonVersion: - enum: - - "2" - - "3" - type: string - restartPolicy: - properties: - onFailureRetries: - format: int32 - minimum: 0 - type: integer - onFailureRetryInterval: - format: int64 - minimum: 1 - type: integer - onSubmissionFailureRetries: - format: int32 - minimum: 0 - type: integer - onSubmissionFailureRetryInterval: - format: int64 - minimum: 1 - type: integer - type: - enum: - - Never - - Always - - OnFailure - type: string - type: object - retryInterval: - format: int64 - type: integer - sparkConf: - additionalProperties: - type: string - type: object - sparkConfigMap: - type: string - sparkVersion: - type: string - timeToLiveSeconds: - format: int64 - type: integer - type: - enum: - - Java - - Python - - Scala - - R - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - type: string - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - driver - - executor - - mainApplicationFile - - sparkVersion - - type - type: object - required: - - schedule - - template - type: object - required: - - metadata - - spec - type: object - version: v1beta2 - versions: - - name: v1beta2 - served: true - storage: true diff --git a/contrib/spark/spark-operator/base/spark-sa.yaml b/contrib/spark/spark-operator/base/spark-sa.yaml deleted file mode 100644 index ebbc7dff7b..0000000000 --- a/contrib/spark/spark-operator/base/spark-sa.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: spark - namespace: kubeflow diff --git a/contrib/spark/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml b/contrib/spark/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml deleted file mode 100644 index 74065d68f7..0000000000 --- a/contrib/spark/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml +++ /dev/null @@ -1,2528 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: sparkapplications.sparkoperator.k8s.io -spec: - group: sparkoperator.k8s.io - names: - kind: SparkApplication - listKind: SparkApplicationList - plural: sparkapplications - shortNames: - - sparkapp - singular: sparkapplication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - arguments: - items: - type: string - type: array - batchScheduler: - type: string - batchSchedulerOptions: - properties: - priorityClassName: - type: string - queue: - type: string - type: object - deps: - properties: - downloadTimeout: - format: int32 - minimum: 1 - type: integer - files: - items: - type: string - type: array - filesDownloadDir: - type: string - jars: - items: - type: string - type: array - jarsDownloadDir: - type: string - maxSimultaneousDownloads: - format: int32 - minimum: 1 - type: integer - pyFiles: - items: - type: string - type: array - type: object - driver: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: - type: string - cores: - format: int32 - minimum: 1 - type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - javaOptions: - type: string - labels: - additionalProperties: - type: string - type: object - memory: - type: string - memoryOverhead: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podName: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - schedulerName: - type: string - secrets: - items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object - type: array - securityContext: - properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - serviceAccount: - type: string - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - type: object - executor: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: - type: string - coreRequest: - type: string - cores: - format: int32 - minimum: 1 - type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - instances: - format: int32 - minimum: 1 - type: integer - javaOptions: - type: string - labels: - additionalProperties: - type: string - type: object - memory: - type: string - memoryOverhead: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - schedulerName: - type: string - secrets: - items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object - type: array - securityContext: - properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - type: object - failureRetries: - format: int32 - type: integer - hadoopConf: - additionalProperties: - type: string - type: object - hadoopConfigMap: - type: string - image: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - initContainerImage: - type: string - mainApplicationFile: - type: string - mainClass: - type: string - memoryOverheadFactor: - type: string - mode: - enum: - - cluster - - client - type: string - monitoring: - properties: - exposeDriverMetrics: - type: boolean - exposeExecutorMetrics: - type: boolean - metricsProperties: - type: string - prometheus: - properties: - configFile: - type: string - configuration: - type: string - jmxExporterJar: - type: string - port: - format: int32 - maximum: 49151 - minimum: 1024 - type: integer - required: - - jmxExporterJar - type: object - required: - - exposeDriverMetrics - - exposeExecutorMetrics - type: object - nodeSelector: - additionalProperties: - type: string - type: object - pythonVersion: - enum: - - "2" - - "3" - type: string - restartPolicy: - properties: - onFailureRetries: - format: int32 - minimum: 0 - type: integer - onFailureRetryInterval: - format: int64 - minimum: 1 - type: integer - onSubmissionFailureRetries: - format: int32 - minimum: 0 - type: integer - onSubmissionFailureRetryInterval: - format: int64 - minimum: 1 - type: integer - type: - enum: - - Never - - Always - - OnFailure - type: string - type: object - retryInterval: - format: int64 - type: integer - sparkConf: - additionalProperties: - type: string - type: object - sparkConfigMap: - type: string - sparkVersion: - type: string - timeToLiveSeconds: - format: int64 - type: integer - type: - enum: - - Java - - Python - - Scala - - R - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - type: string - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - driver - - executor - - mainApplicationFile - - sparkVersion - - type - type: object - required: - - metadata - - spec - type: object - version: v1beta2 - versions: - - name: v1beta2 - served: true - storage: true diff --git a/contrib/spark/spark-operator/overlays/application/application.yaml b/contrib/spark/spark-operator/overlays/application/application.yaml deleted file mode 100644 index 3c6d8c3b6c..0000000000 --- a/contrib/spark/spark-operator/overlays/application/application.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: spark-operator -spec: - selector: - matchLabels: - app.kubernetes.io/name: sparkoperator - app.kubernetes.io/instance: spark-operator-v0.7.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: sppark-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.7.0 - componentKinds: - - group: core - kind: Service - - group: apps - kind: Deployment - - group: core - kind: ConfigMap - - group: core - kind: ServiceAccount - - group: kubeflow.org - kind: SparkOperator - descriptor: - type: "spark-operator" - version: "v1" - description: "Spark-operator allows users to create and manage the \"SparkApplication\" custom resource." - maintainers: - - name: Holden Karau - email: holden@pigscanfly.ca - owners: - - name: Holden Karau - email: holden@pigscanfly.ca - keywords: - - "spark" - addOwnerRef: true diff --git a/contrib/spark/spark-operator/overlays/application/kustomization.yaml b/contrib/spark/spark-operator/overlays/application/kustomization.yaml deleted file mode 100644 index 6a652ddd5f..0000000000 --- a/contrib/spark/spark-operator/overlays/application/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app.kubernetes.io/component: spark-operator - app.kubernetes.io/name: sparkoperator -kind: Kustomization -resources: -- application.yaml From 288855d79daa22544fb06184e97f6d874682f54f Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:11:13 -0400 Subject: [PATCH 10/12] Remove /contrib/spartakus Signed-off-by: Anna Jung (VMware) --- contrib/spartakus/README.md | 7 ---- .../spartakus/base/cluster-role-binding.yaml | 13 -------- contrib/spartakus/base/cluster-role.yaml | 14 -------- contrib/spartakus/base/deployment.yaml | 29 ---------------- contrib/spartakus/base/kustomization.yaml | 22 ------------- contrib/spartakus/base/params.env | 1 - contrib/spartakus/base/params.yaml | 3 -- contrib/spartakus/base/service-account.yaml | 6 ---- .../overlays/application/application.yaml | 33 ------------------- .../overlays/application/kustomization.yaml | 9 ----- 10 files changed, 137 deletions(-) delete mode 100644 contrib/spartakus/README.md delete mode 100644 contrib/spartakus/base/cluster-role-binding.yaml delete mode 100644 contrib/spartakus/base/cluster-role.yaml delete mode 100644 contrib/spartakus/base/deployment.yaml delete mode 100644 contrib/spartakus/base/kustomization.yaml delete mode 100644 contrib/spartakus/base/params.env delete mode 100644 contrib/spartakus/base/params.yaml delete mode 100644 contrib/spartakus/base/service-account.yaml delete mode 100644 contrib/spartakus/overlays/application/application.yaml delete mode 100644 contrib/spartakus/overlays/application/kustomization.yaml diff --git a/contrib/spartakus/README.md b/contrib/spartakus/README.md deleted file mode 100644 index 642106f637..0000000000 --- a/contrib/spartakus/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/spartakus/base/cluster-role-binding.yaml b/contrib/spartakus/base/cluster-role-binding.yaml deleted file mode 100644 index e8e7ac103d..0000000000 --- a/contrib/spartakus/base/cluster-role-binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: spartakus - name: spartakus -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: spartakus -subjects: -- kind: ServiceAccount - name: spartakus diff --git a/contrib/spartakus/base/cluster-role.yaml b/contrib/spartakus/base/cluster-role.yaml deleted file mode 100644 index 5fdcb06daf..0000000000 --- a/contrib/spartakus/base/cluster-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app: spartakus - name: spartakus -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list diff --git a/contrib/spartakus/base/deployment.yaml b/contrib/spartakus/base/deployment.yaml deleted file mode 100644 index 2616342bbe..0000000000 --- a/contrib/spartakus/base/deployment.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: spartakus - name: spartakus-volunteer -spec: - replicas: 1 - template: - metadata: - labels: - app: spartakus-volunteer - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - volunteer - - --cluster-id=$(USAGE_ID) - - --database=https://stats-collector.kubeflow.org - image: gcr.io/google_containers/spartakus-amd64:v1.1.0 - name: volunteer - env: - - name: USAGE_ID - valueFrom: - configMapKeyRef: - name: spartakus-config - key: usageId - serviceAccountName: spartakus diff --git a/contrib/spartakus/base/kustomization.yaml b/contrib/spartakus/base/kustomization.yaml deleted file mode 100644 index 4087b8d86b..0000000000 --- a/contrib/spartakus/base/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- cluster-role-binding.yaml -- cluster-role.yaml -- deployment.yaml -- service-account.yaml -commonLabels: - kustomize.component: spartakus -images: -- name: gcr.io/google_containers/spartakus-amd64 - newName: gcr.io/google_containers/spartakus-amd64 - newTag: v1.1.0 -configMapGenerator: -- name: spartakus-config - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true -configurations: -- params.yaml diff --git a/contrib/spartakus/base/params.env b/contrib/spartakus/base/params.env deleted file mode 100644 index beafca4201..0000000000 --- a/contrib/spartakus/base/params.env +++ /dev/null @@ -1 +0,0 @@ -usageId=unknown_cluster diff --git a/contrib/spartakus/base/params.yaml b/contrib/spartakus/base/params.yaml deleted file mode 100644 index 6ff80fe2be..0000000000 --- a/contrib/spartakus/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/template/spec/containers/0/args/1 - kind: Deployment diff --git a/contrib/spartakus/base/service-account.yaml b/contrib/spartakus/base/service-account.yaml deleted file mode 100644 index 9e3d193521..0000000000 --- a/contrib/spartakus/base/service-account.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: spartakus - name: spartakus diff --git a/contrib/spartakus/overlays/application/application.yaml b/contrib/spartakus/overlays/application/application.yaml deleted file mode 100644 index 4cf6095c64..0000000000 --- a/contrib/spartakus/overlays/application/application.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: spartakus -spec: - selector: - matchLabels: - app.kubernetes.io/name: spartakus - app.kubernetes.io/instance: spartakus-v0.7.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: spartakus - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.7.0 - componentKinds: - - group: core - kind: ConfigMap - - group: apps - kind: Deployment - - group: core - kind: ServiceAccount - descriptor: - type: spartakus - version: v1beta1 - description: "" - maintainers: [] - owners: [] - keywords: - - spartakus - - kubeflow - links: - - description: About - url: "" - addOwnerRef: true diff --git a/contrib/spartakus/overlays/application/kustomization.yaml b/contrib/spartakus/overlays/application/kustomization.yaml deleted file mode 100644 index 3c900d86b5..0000000000 --- a/contrib/spartakus/overlays/application/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app.kubernetes.io/component: spartakus - app.kubernetes.io/name: spartakus -kind: Kustomization -resources: -- application.yaml From a6d25fdca3d99bc461f48965e7180c878ac5d517 Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:11:49 -0400 Subject: [PATCH 11/12] Remove /contrib/tektoncd Signed-off-by: Anna Jung (VMware) --- contrib/tektoncd/OWNERS | 4 - contrib/tektoncd/README.md | 8 - .../base/cluster-role-binding.yaml | 44 -- .../tektoncd-dashboard/base/cluster-role.yaml | 213 --------- .../tektoncd-dashboard/base/crds.yaml | 42 -- .../tektoncd-dashboard/base/deployment.yaml | 56 --- .../base/kustomization.yaml | 15 - .../tektoncd-dashboard/base/role-binding.yaml | 47 -- .../base/service-account.yaml | 7 - .../tektoncd-dashboard/base/service.yaml | 17 - .../overlays/application/application.yaml | 33 -- .../overlays/application/kustomization.yaml | 24 - .../overlays/application/params.env | 1 - .../overlays/application/params.yaml | 9 - .../overlays/istio/kustomization.yaml | 27 -- .../overlays/istio/params.env | 2 - .../overlays/istio/params.yaml | 3 - .../overlays/istio/virtual-service.yaml | 21 - .../base/cluster-role-binding.yaml | 48 -- .../tektoncd-install/base/cluster-role.yaml | 133 ------ .../tektoncd-install/base/config-map.yaml | 258 ----------- .../tektoncd/tektoncd-install/base/crds.yaml | 420 ------------------ .../tektoncd-install/base/deployment.yaml | 222 --------- .../base/horizontal-pod-autoscaler.yaml | 22 - .../tektoncd-install/base/kustomization.yaml | 133 ------ .../tektoncd-install/base/namespace.yaml | 4 - .../tektoncd/tektoncd-install/base/params.env | 14 - .../tektoncd-install/base/params.yaml | 3 - .../base/pod-security-policy.yaml | 28 -- .../tektoncd-install/base/policy.yaml | 15 - .../tektoncd-install/base/role-binding.yaml | 63 --- .../tektoncd/tektoncd-install/base/role.yaml | 62 --- .../tektoncd-install/base/secret.yaml | 8 - .../base/service-account.yaml | 15 - .../tektoncd-install/base/service.yaml | 51 --- .../base/webhook-configuration.yaml | 53 --- .../overlays/application/application.yaml | 24 - .../overlays/application/kustomization.yaml | 23 - .../overlays/application/params.env | 1 - .../overlays/application/params.yaml | 9 - .../overlays/istio/kustomization.yaml | 29 -- .../overlays/istio/params.env | 2 - .../overlays/istio/params.yaml | 3 - .../overlays/istio/virtual-service.yaml | 20 - 44 files changed, 2236 deletions(-) delete mode 100644 contrib/tektoncd/OWNERS delete mode 100644 contrib/tektoncd/README.md delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/cluster-role-binding.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/cluster-role.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/crds.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/deployment.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/role-binding.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/service-account.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/base/service.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/application/application.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/application/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/application/params.env delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/application/params.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/istio/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.env delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.yaml delete mode 100644 contrib/tektoncd/tektoncd-dashboard/overlays/istio/virtual-service.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/cluster-role-binding.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/cluster-role.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/config-map.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/crds.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/deployment.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/horizontal-pod-autoscaler.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/namespace.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/params.env delete mode 100644 contrib/tektoncd/tektoncd-install/base/params.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/pod-security-policy.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/policy.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/role-binding.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/role.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/secret.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/service-account.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/service.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/base/webhook-configuration.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/application/application.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/application/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/application/params.env delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/application/params.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/istio/kustomization.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/istio/params.env delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/istio/params.yaml delete mode 100644 contrib/tektoncd/tektoncd-install/overlays/istio/virtual-service.yaml diff --git a/contrib/tektoncd/OWNERS b/contrib/tektoncd/OWNERS deleted file mode 100644 index ad1705108d..0000000000 --- a/contrib/tektoncd/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -approvers: - - Tomcli - - animeshsingh - - pvaneck diff --git a/contrib/tektoncd/README.md b/contrib/tektoncd/README.md deleted file mode 100644 index fe85361c58..0000000000 --- a/contrib/tektoncd/README.md +++ /dev/null @@ -1,8 +0,0 @@ -Please note: This component is **unmaintained and out-of-date**. - -The latest tektoncd distribution is now maintained as part of the `kfp-tekton` component release. To deploy tektoncd standalone with kustomize, please use the latest tektoncd kustomization.yaml over [here](/apps/kfp-tekton/upstream/third-party/tekton/base/kustomization.yaml). - -Any components that fails to meet [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)) will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file diff --git a/contrib/tektoncd/tektoncd-dashboard/base/cluster-role-binding.yaml b/contrib/tektoncd/tektoncd-dashboard/base/cluster-role-binding.yaml deleted file mode 100644 index cf4e1826f1..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/cluster-role-binding.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-backend -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-backend -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-tenant -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-tenant -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-extensions -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-extensions -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-dashboard/base/cluster-role.yaml b/contrib/tektoncd/tektoncd-dashboard/base/cluster-role.yaml deleted file mode 100644 index d1e2bb6ca8..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/cluster-role.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-backend -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - tekton.dev - resources: - - clustertasks - - clustertasks/status - verbs: - - get - - list - - watch - - apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - verbs: - - get - - list - - watch - - apiGroups: - - dashboard.tekton.dev - resources: - - extensions - verbs: - - create - - update - - delete - - patch - - apiGroups: - - tekton.dev - resources: - - clustertasks - - clustertasks/status - verbs: - - create - - update - - delete - - patch - - apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - verbs: - - create - - update - - delete - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-dashboard -rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - list ---- -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-extensions ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-pipelines -rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-tenant -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - dashboard.tekton.dev - resources: - - extensions - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - - pods/log - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - - tasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - get - - list - - watch - - apiGroups: - - triggers.tekton.dev - resources: - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - get - - list - - watch - - apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - - taskruns/finalizers - - pipelineruns/finalizers - - tasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - verbs: - - create - - update - - delete - - patch - - apiGroups: - - triggers.tekton.dev - resources: - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - create - - update - - delete - - patch - - add ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-triggers -rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - list diff --git a/contrib/tektoncd/tektoncd-dashboard/base/crds.yaml b/contrib/tektoncd/tektoncd-dashboard/base/crds.yaml deleted file mode 100644 index 2a98fbf023..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/crds.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: extensions.dashboard.tekton.dev -spec: - group: dashboard.tekton.dev - names: - categories: - - tekton - - tekton-dashboard - kind: Extension - plural: extensions - shortNames: - - ext - - exts - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.apiVersion - name: API version - type: string - - jsonPath: .spec.name - name: Kind - type: string - - jsonPath: .spec.displayname - name: Display name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/contrib/tektoncd/tektoncd-dashboard/base/deployment.yaml b/contrib/tektoncd/tektoncd-dashboard/base/deployment.yaml deleted file mode 100644 index dc478e62e3..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/deployment.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - app.kubernetes.io/version: v0.14.0 - dashboard.tekton.dev/release: v0.14.0 - name: tekton-dashboard - namespace: tekton-pipelines -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: tekton-dashboard - template: - metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - app.kubernetes.io/version: v0.14.0 - name: tekton-dashboard - spec: - containers: - - args: - - --port=9097 - - --logout-url= - - --pipelines-namespace=tekton-pipelines - - --triggers-namespace=tekton-pipelines - - --read-only=false - - --log-level=info - - --log-format=json - - --namespace= - - --openshift=false - - --stream-logs=false - - --external-logs= - env: - - name: INSTALLED_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:e36ec9efe78b4bb56a4b1c24d8241bee3a2b477aeef20ff864d1edef31953cd8 - livenessProbe: - httpGet: - path: /health - port: 9097 - name: tekton-dashboard - ports: - - containerPort: 9097 - readinessProbe: - httpGet: - path: /readiness - port: 9097 - securityContext: - runAsNonRoot: true - runAsUser: 65532 - serviceAccountName: tekton-dashboard - volumes: [] diff --git a/contrib/tektoncd/tektoncd-dashboard/base/kustomization.yaml b/contrib/tektoncd/tektoncd-dashboard/base/kustomization.yaml deleted file mode 100644 index ad5a6c18bb..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- crds.yaml -- service-account.yaml -- cluster-role.yaml -- cluster-role-binding.yaml -- deployment.yaml -- service.yaml -- role-binding.yaml -namespace: tekton-pipelines -images: -- name: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard - newName: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard - digest: sha256:e36ec9efe78b4bb56a4b1c24d8241bee3a2b477aeef20ff864d1edef31953cd8 diff --git a/contrib/tektoncd/tektoncd-dashboard/base/role-binding.yaml b/contrib/tektoncd/tektoncd-dashboard/base/role-binding.yaml deleted file mode 100644 index fb416e20cb..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/role-binding.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-pipelines - namespace: tekton-pipelines -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-pipelines -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-dashboard - namespace: tekton-pipelines -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-dashboard -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard-triggers - namespace: tekton-pipelines -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-triggers -subjects: - - kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-dashboard/base/service-account.yaml b/contrib/tektoncd/tektoncd-dashboard/base/service-account.yaml deleted file mode 100644 index 4b2a8d4a07..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/service-account.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - name: tekton-dashboard - namespace: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-dashboard/base/service.yaml b/contrib/tektoncd/tektoncd-dashboard/base/service.yaml deleted file mode 100644 index 61b880f017..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/base/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: tekton-dashboard - app.kubernetes.io/version: v0.14.0 - dashboard.tekton.dev/release: v0.14.0 - name: tekton-dashboard - namespace: tekton-pipelines -spec: - ports: - - name: http - port: 9097 - protocol: TCP - targetPort: 9097 - selector: - app.kubernetes.io/component: tekton-dashboard diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/application/application.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/application/application.yaml deleted file mode 100644 index 787437d089..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/application/application.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: $(generateName) -spec: - componentKinds: - - group: apps - kind: Deployment - - group: core - kind: ServiceAccount - - group: core - kind: Service - - group: tekton.dev - kind: Pipeline - - group: tekton.dev - kind: Task - descriptor: - type: tektoncd-dashboard - version: v1beta1 - description: installs tektoncd pipeline dashboard - maintainers: - - name: Kam Kasravi - email: kam.d.kasravi@intel.com - owners: - - name: Kam Kasravi - email: kam.d.kasravi@intel.com - keywords: - - tektoncd-dashboard - - kubeflow - links: - - description: About - url: "https://kubeflow.org" - addOwnerRef: true diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/application/kustomization.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/application/kustomization.yaml deleted file mode 100644 index 5ce788a221..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/application/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app: tekton-dashboard - app.kubernetes.io/component: tektoncd - app.kubernetes.io/name: tektoncd-dashboard -configMapGenerator: -- envs: - - params.env - name: tektoncd-dashboard-app-parameters -configurations: -- params.yaml -kind: Kustomization -resources: -- application.yaml -vars: -- fieldref: - fieldPath: data.generateName - name: generateName - objref: - apiVersion: v1 - kind: ConfigMap - name: tektoncd-dashboard-app-parameters diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.env b/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.env deleted file mode 100644 index 115937b9f8..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.env +++ /dev/null @@ -1 +0,0 @@ -generateName= diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.yaml deleted file mode 100644 index a8d8a85fde..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/application/params.yaml +++ /dev/null @@ -1,9 +0,0 @@ -varReference: -- path: metadata/name - kind: Application -- path: spec/selector/app.kubernetes.io\/instance - kind: Service -- path: spec/selector/matchLabels/app.kubernetes.io\/instance - kind: Deployment -- path: spec/template/metadata/labels/app.kubernetes.io\/instance - kind: Deployment diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/kustomization.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/istio/kustomization.yaml deleted file mode 100644 index 9c9ff5ebc7..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/kustomization.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -resources: -- virtual-service.yaml -configMapGenerator: -- name: tektoncd-dashboard-parameters - envs: - - params.env -vars: -- name: namespace - objref: - kind: ConfigMap - name: tektoncd-dashboard-parameters - apiVersion: v1 - fieldref: - fieldpath: data.namespace -- name: clusterDomain - objref: - kind: ConfigMap - name: tektoncd-dashboard-parameters - apiVersion: v1 - fieldref: - fieldpath: data.clusterDomain -configurations: -- params.yaml diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.env b/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.env deleted file mode 100644 index 5023b1c25f..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.env +++ /dev/null @@ -1,2 +0,0 @@ -namespace= -clusterDomain=cluster.local diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.yaml deleted file mode 100644 index eea869e0d4..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/http/route/destination/host - kind: VirtualService diff --git a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/virtual-service.yaml b/contrib/tektoncd/tektoncd-dashboard/overlays/istio/virtual-service.yaml deleted file mode 100644 index 5ddba28475..0000000000 --- a/contrib/tektoncd/tektoncd-dashboard/overlays/istio/virtual-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: tektoncd-dashboard -spec: - gateways: - - kubeflow-gateway - hosts: - - '*' - http: - - match: - - uri: - prefix: /tektoncd-dashboard - rewrite: - uri: /tektoncd-dashboard - route: - - destination: - host: tekton-dashboard.$(namespace).svc.$(clusterDomain) - port: - number: 80 - timeout: 300s diff --git a/contrib/tektoncd/tektoncd-install/base/cluster-role-binding.yaml b/contrib/tektoncd/tektoncd-install/base/cluster-role-binding.yaml deleted file mode 100644 index 49ea01f6fd..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/cluster-role-binding.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-cluster-access - labels: - app.kubernetes.io/component: tekton-pipelines-controller -subjects: - - kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-cluster-access - apiGroup: rbac.authorization.k8s.io ---- -# If this ClusterRoleBinding is replaced with a RoleBinding -# then the ClusterRole would be namespaced. The access described by -# the tekton-pipelines-controller-tenant-access ClusterRole would -# be scoped to individual tenant namespaces. -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-tenant-access - labels: - app.kubernetes.io/component: tekton-pipelines-controller -subjects: - - kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-tenant-access - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-webhook-cluster-access - labels: - app.kubernetes.io/component: tekton-pipelines-webhook -subjects: - - kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-webhook-cluster-access - apiGroup: rbac.authorization.k8s.io diff --git a/contrib/tektoncd/tektoncd-install/base/cluster-role.yaml b/contrib/tektoncd/tektoncd-install/base/cluster-role.yaml deleted file mode 100644 index 6428ec7bac..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/cluster-role.yaml +++ /dev/null @@ -1,133 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller-cluster-access - labels: - app.kubernetes.io/component: tekton-pipelines-controller -rules: - - apiGroups: [""] - # Namespace access is required because the controller timeout handling logic - # iterates over all namespaces and times out any PipelineRuns that have expired. - # Pod access is required because the taskrun controller wants to be updated when - # a Pod underlying a TaskRun changes state. - resources: ["namespaces", "pods"] - verbs: ["list", "watch"] - # Controller needs cluster access to all of the CRDs that it is responsible for - # managing. - - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - # This is the access that the controller needs on a per-namespace basis. - name: tekton-pipelines-controller-tenant-access - labels: - app.kubernetes.io/component: tekton-pipelines-controller -rules: - - apiGroups: [""] - resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - # Unclear if this access is actually required. Simply a hold-over from the previous - # incarnation of the controller's ClusterRole. - - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apps"] - resources: ["deployments/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook-cluster-access - labels: - app.kubernetes.io/component: tekton-pipelines-webhook -rules: - # The webhook needs to be able to list and update customresourcedefinitions, - # mainly to update the webhook certificates. - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "update", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - # The webhook performs a reconciliation on these two resources and continuously - # updates configuration. - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - # knative starts informers on these things, which is why we need get, list and watch. - verbs: ["list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - # This mutating webhook is responsible for applying defaults to tekton objects - # as they are received. - resourceNames: ["webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the mutatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. - # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure - resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the validatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] - - apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: - - apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - get - - list - - watch diff --git a/contrib/tektoncd/tektoncd-install/base/config-map.yaml b/contrib/tektoncd/tektoncd-install/base/config-map.yaml deleted file mode 100644 index 573b7b4a8b..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/config-map.yaml +++ /dev/null @@ -1,258 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-bucket - namespace: tekton-pipelines -# data: -# # location of the gcs bucket to be used for artifact storage -# location: "gs://bucket-name" -# # name of the secret that will contain the credentials for the service account -# # with access to the bucket -# bucket.service.account.secret.name: -# # The key in the secret with the required service account json -# bucket.service.account.secret.key: -# # The field name that should be used for the service account -# # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG. -# bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-pvc - namespace: tekton-pipelines -# data: -# # size of the PVC volume -# size: 5Gi -# -# # storage class of the PVC volume -# storageClassName: storage-class-name - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # default-timeout-minutes contains the default number of - # minutes to use for TaskRun and PipelineRun, if none is specified. - default-timeout-minutes: "60" # 60 minutes - - # default-service-account contains the default service account name - # to use for TaskRun and PipelineRun, if none is specified. - default-service-account: "default" - - # default-managed-by-label-value contains the default value given to the - # "app.kubernetes.io/managed-by" label applied to all Pods created for - # TaskRuns. If a user's requested TaskRun specifies another value for this - # label, the user's request supercedes. - default-managed-by-label-value: "tekton-pipelines" - - # default-pod-template contains the default pod template to use - # TaskRun and PipelineRun, if none is specified. If a pod template - # is specified, the default pod template is ignored. - # default-pod-template: - - # default-cloud-events-sink contains the default CloudEvents sink to be - # used for TaskRun and PipelineRun, when no sink is specified. - # Note that right now it is still not possible to set a PipelineRun or - # TaskRun specific sink, so the default is the only option available. - # If no sink is specified, no CloudEvent is generated - # default-cloud-events-sink: - - # default-task-run-workspace-binding contains the default workspace - # configuration provided for any Workspaces that a Task declares - # but that a TaskRun does not explicitly provide. - # default-task-run-workspace-binding: | - # emptyDir: {} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: feature-flags - namespace: tekton-pipelines -data: - # Setting this flag to "true" will prevent Tekton to create an - # Affinity Assistant for every TaskRun sharing a PVC workspace - # - # The default behaviour is for Tekton to create Affinity Assistants - # - # See more in the workspace documentation about Affinity Assistant - # https://github.com/tektoncd/pipeline/blob/master/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline - # or https://github.com/tektoncd/pipeline/pull/2630 for more info. - disable-affinity-assistant: "false" - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's $HOME environment variable. - # - # The default behaviour currently is for Tekton to override the - # $HOME environment variable but this will change in an upcoming - # release. - # - # See https://github.com/tektoncd/pipeline/issues/2013 for more - # info. - disable-home-env-overwrite: "true" - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's working directory. - # - # The default behaviour currently is for Tekton to override the - # working directory if not set by the user but this will change - # in an upcoming release. - # - # See https://github.com/tektoncd/pipeline/issues/1836 for more - # info. - disable-working-directory-overwrite: "true" - # Setting this flag to "true" will prevent Tekton scanning attached - # service accounts and injecting any credentials it finds into your - # Steps. - # - # The default behaviour currently is for Tekton to search service - # accounts for secrets matching a specified format and automatically - # mount those into your Steps. - # - # Note: setting this to "true" will prevent PipelineResources from - # working. - # - # See https://github.com/tektoncd/pipeline/issues/1836 for more - # info. - disable-creds-init: "false" - # This option should be set to false when Pipelines is running in a - # cluster that does not use injected sidecars such as Istio. Setting - # it to false should decrease the time it takes for a TaskRun to start - # running. For clusters that use injected sidecars, setting this - # option to false can lead to unexpected behavior. - # - # See https://github.com/tektoncd/pipeline/issues/2080 for more info. - running-in-environment-with-injected-sidecars: "true" - # Setting this flag to "true" will require that any Git SSH Secret - # offered to Tekton must have known_hosts included. - # - # See https://github.com/tektoncd/pipeline/issues/2981 for more - # info. - require-git-ssh-secret-known-hosts: "false" - # Setting this flag to "true" enables the use of Tekton OCI bundle. - # This is an experimental feature and thus should still be considered - # an alpha feature. - enable-tekton-oci-bundles: "false" - # Setting this flag to "true" enables the use of custom tasks from - # within pipelines. - # This is an experimental feature and thus should still be considered - # an alpha feature. - enable-custom-tasks: "true" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: tekton-pipelines -data: - # An inactive but valid configuration follows; see example. - leaseDuration: "15s" - renewDeadline: "10s" - retryPeriod: "2s" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: tekton-pipelines -data: - # Common configuration for all knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "ts", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using Stackdriver will incur additional charges. - metrics.backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used and metrics will be sent to the cluster's project if this field is - # not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed - # to send metrics to Stackdriver using "global" resource type and custom - # metric type. Setting this flag to "true" could cause extra Stackdriver - # charge. If metrics.backend-destination is not Stackdriver, this is - # ignored. - metrics.allow-stackdriver-custom-metrics: "false" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-registry-cert - namespace: tekton-pipelines -# data: -# # Registry's self-signed certificate -# cert: | diff --git a/contrib/tektoncd/tektoncd-install/base/crds.yaml b/contrib/tektoncd/tektoncd-install/base/crds.yaml deleted file mode 100644 index 330b9f7c30..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/crds.yaml +++ /dev/null @@ -1,420 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustertasks.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - &version - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - !!merge <<: *version - name: v1beta1 - storage: true - names: - kind: ClusterTask - plural: clustertasks - categories: - - tekton - - tekton-pipelines - scope: Cluster - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: conditions.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: Condition - plural: conditions - categories: - - tekton - - tekton-pipelines - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - version: v1alpha1 - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - shortNames: - - img - scope: Namespaced - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: pipelines.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - &version - name: v1alpha1 - served: true - storage: false - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - - !!merge <<: *version - name: v1beta1 - storage: true - names: - kind: Pipeline - plural: pipelines - categories: - - tekton - - tekton-pipelines - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: pipelineruns.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - &version - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - !!merge <<: *version - name: v1beta1 - storage: true - names: - kind: PipelineRun - plural: pipelineruns - categories: - - tekton - - tekton-pipelines - shortNames: - - pr - - prs - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: pipelineresources.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: PipelineResource - plural: pipelineresources - categories: - - tekton - - tekton-pipelines - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: runs.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: Run - plural: runs - categories: - - tekton - - tekton-pipelines - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tasks.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - &version - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - !!merge <<: *version - name: v1beta1 - storage: true - names: - kind: Task - plural: tasks - categories: - - tekton - - tekton-pipelines - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: taskruns.tekton.dev - labels: - pipeline.tekton.dev/release: "v0.21.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - &version - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - !!merge <<: *version - name: v1beta1 - storage: true - names: - kind: TaskRun - plural: taskruns - categories: - - tekton - - tekton-pipelines - shortNames: - - tr - - trs - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-install/base/deployment.yaml b/contrib/tektoncd/tektoncd-install/base/deployment.yaml deleted file mode 100644 index 5b1cd8e7d8..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/deployment.yaml +++ /dev/null @@ -1,222 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-controller - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: tekton-pipelines-controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app.kubernetes.io/component: tekton-pipelines-controller - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-controller - spec: - serviceAccountName: tekton-pipelines-controller - containers: - - name: tekton-pipelines-controller - image: $(tekton-registry)/$(controller) - args: [ - # Version, to be replace at release time - "-version", "v0.21.0", - # These images are built on-demand by `ko resolve` and are replaced - # by image references by digest. - "-kubeconfig-writer-image", $(tekton-registry)/$(kubeconfigwriter), - "-git-image", $(tekton-registry)/$(git-init), - "-entrypoint-image", $(tekton-registry)/$(entrypoint), - "-nop-image", $(tekton-registry)/$(nop), - "-imagedigest-exporter-image", $(tekton-registry)/$(imagedigestexporter), - "-pr-image", $(tekton-registry)/$(pullrequest-init), - "-build-gcs-fetcher-image", $(tekton-registry)/$(gcs-fetcher), - # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim - "-gsutil-image", $(gsutil-registry)/$(gsutil), - # The shell image must be root in order to create directories and copy files to PVCs. - # gcr.io/distroless/base:debug as of November 15, 2020 - # image shall not contains tag, so it will be supported on a runtime like cri-o - "-shell-image", $(bash-registry)/$(bash)] - volumeMounts: - - name: config-logging - mountPath: /etc/config-logging - - name: config-registry-cert - mountPath: /etc/config-registry-cert - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # If you are changing these names, you will also need to update - # the controller's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - - name: CONFIG_DEFAULTS_NAME - value: config-defaults - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_ARTIFACT_BUCKET_NAME - value: config-artifact-bucket - - name: CONFIG_ARTIFACT_PVC_NAME - value: config-artifact-pvc - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: SSL_CERT_FILE - value: /etc/config-registry-cert/cert - - name: SSL_CERT_DIR - value: /etc/ssl/certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - # User 65532 is the distroless nonroot user ID - runAsUser: 65532 - runAsGroup: 65532 - ports: - - name: probes - containerPort: 8080 - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - volumes: - - name: config-logging - configMap: - name: config-logging - - name: config-registry-cert - configMap: - name: config-registry-cert ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: tekton-pipelines-webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: tekton-pipelines-webhook - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: $(tekton-registry)/$(webhook) - # Resource request required for autoscaler to take any action for a metric - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # If you are changing these names, you will also need to update - # the webhook's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: tekton-pipelines-webhook - - name: WEBHOOK_SECRET_NAME - value: webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - # User 65532 is the distroless nonroot user ID - runAsUser: 65532 - runAsGroup: 65532 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - - name: probes - containerPort: 8080 - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 diff --git a/contrib/tektoncd/tektoncd-install/base/horizontal-pod-autoscaler.yaml b/contrib/tektoncd/tektoncd-install/base/horizontal-pod-autoscaler.yaml deleted file mode 100644 index 1048f89f37..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/horizontal-pod-autoscaler.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: tekton-pipelines-webhook - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: 100 diff --git a/contrib/tektoncd/tektoncd-install/base/kustomization.yaml b/contrib/tektoncd/tektoncd-install/base/kustomization.yaml deleted file mode 100644 index e9a989ccb1..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/kustomization.yaml +++ /dev/null @@ -1,133 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- namespace.yaml -- crds.yaml -- cluster-role-binding.yaml -- cluster-role.yaml -- config-map.yaml -- pod-security-policy.yaml -- service-account.yaml -- service.yaml -- deployment.yaml -- role.yaml -- role-binding.yaml -- secret.yaml -- webhook-configuration.yaml -- horizontal-pod-autoscaler.yaml -- policy.yaml -namespace: tekton-pipelines -configMapGenerator: -- name: tektoncd-parameters - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true -vars: -- name: tekton-registry - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.tekton-registry -- name: gsutil-registry - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.gsutil-registry -- name: bash-registry - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.bash-registry -- name: entrypoint - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.entrypoint -- name: nop - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.nop -- name: webhook - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.webhook -- name: gcs-fetcher - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.gcs-fetcher -- name: gsutil - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.gsutil -- name: bash - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.bash -- name: git-init - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.git-init -- name: pullrequest-init - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.pullrequest-init -- name: imagedigestexporter - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.imagedigestexporter -- name: kubeconfigwriter - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.kubeconfigwriter -- name: controller - objref: - kind: ConfigMap - name: tektoncd-parameters - apiVersion: v1 - fieldref: - fieldpath: data.controller -configurations: -- params.yaml -images: -- name: $(registry)/$(controller) - newName: $(registry)/$(controller) - newTag: latest -- name: $(registry)/$(webhook) - newName: $(registry)/$(webhook) - newTag: latest diff --git a/contrib/tektoncd/tektoncd-install/base/namespace.yaml b/contrib/tektoncd/tektoncd-install/base/namespace.yaml deleted file mode 100644 index 5439a25ef3..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-install/base/params.env b/contrib/tektoncd/tektoncd-install/base/params.env deleted file mode 100644 index ca4e9c293c..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/params.env +++ /dev/null @@ -1,14 +0,0 @@ -tekton-registry=gcr.io/tekton-releases -gsutil-registry=gcr.io/google.com -bash-registry=gcr.io/distroless -webhook=github.com/tektoncd/pipeline/cmd/webhook:v0.21.0@sha256:1c9c9acf8451fd40ce46dc4069d1b589a7fe1b9e5798652beb4f514e4a17e8cb -nop=github.com/tektoncd/pipeline/cmd/nop:v0.21.0@sha256:8172a046a040a6267888ab9755b48631bbcf92ea58534ae506bb80125ee94cc2 -entrypoint=github.com/tektoncd/pipeline/cmd/entrypoint:v0.21.0@sha256:d5af7d58c2ad222548e7fcaf7d8e8172837df254b49cc636d1f9d0d8c499beb8 -gsutil=cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f -gcs-fetcher=github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.21.0@sha256:41c251a2cc7e7c6e6c0f8d3bc3f0c3cc6a980325e754d4d95570c775a2a80b35 -bash=base@sha256:92720b2305d7315b5426aec19f8651e9e04222991f877cae71f40b3141d2f07e -git-init=github.com/tektoncd/pipeline/cmd/git-init:v0.21.0@sha256:db18a9c1607c8cbbcd72f61d0c4d795b9ff528669deacd5f8a1672e4ef198ffd -pullrequest-init=github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.21.0@sha256:6e2c398d27d5d9f6de3a41ed2d70d9c940e22a648a349c5cb5bbdbb76484c9fe -imagedigestexporter=github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.21.0@sha256:265641edf8fbb19f844f7d2006d1b81927f43fd1b19f037709355938a1e3c78e -kubeconfigwriter=github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.21.0@sha256:1727868bd5a22dd8e45a4efca0a7f0b5b00cd1bbbe97068e60986ae221b828c3 -controller=github.com/tektoncd/pipeline/cmd/controller:v0.21.0@sha256:972ee9c3f43c88495b074bfc0a8350eb34131355ab9ddc5da63c59f64d74e83d diff --git a/contrib/tektoncd/tektoncd-install/base/params.yaml b/contrib/tektoncd/tektoncd-install/base/params.yaml deleted file mode 100644 index 3d38939728..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/template/spec/containers/image - kind: Deployment diff --git a/contrib/tektoncd/tektoncd-install/base/pod-security-policy.yaml b/contrib/tektoncd/tektoncd-install/base/pod-security-policy.yaml deleted file mode 100644 index 107fd03eb2..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/pod-security-policy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tekton-pipelines -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'emptyDir' - - 'configMap' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 diff --git a/contrib/tektoncd/tektoncd-install/base/policy.yaml b/contrib/tektoncd/tektoncd-install/base/policy.yaml deleted file mode 100644 index 8df9f41b69..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/policy.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" -spec: - minAvailable: 80% - selector: - matchLabels: - app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/contrib/tektoncd/tektoncd-install/base/role-binding.yaml b/contrib/tektoncd/tektoncd-install/base/role-binding.yaml deleted file mode 100644 index dbb1184899..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/role-binding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-controller -subjects: - - kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook -subjects: - - kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-webhook - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-controller-leaderelection - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-controller -subjects: - - kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-leader-election - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-webhook-leaderelection - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook -subjects: - - kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-leader-election - apiGroup: rbac.authorization.k8s.io diff --git a/contrib/tektoncd/tektoncd-install/base/role.yaml b/contrib/tektoncd/tektoncd-install/base/role.yaml deleted file mode 100644 index 16e50901b8..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/role.yaml +++ /dev/null @@ -1,62 +0,0 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-controller -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] - # The controller needs access to these configmaps for logging information and runtime configuration. - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] - - apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] - # The webhook needs access to these configmaps for logging information. - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-leader-election"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch"] - # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever - # the secret changes it updates the webhook configurations with the certificates - # stored in the secret. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] - resourceNames: ["webhook-certs"] - - apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-leader-election - namespace: tekton-pipelines -rules: - # We uses leases for leaderelection - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/contrib/tektoncd/tektoncd-install/base/secret.yaml b/contrib/tektoncd/tektoncd-install/base/secret.yaml deleted file mode 100644 index 0c5e438b73..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - pipeline.tekton.dev/release: "v0.21.0" diff --git a/contrib/tektoncd/tektoncd-install/base/service-account.yaml b/contrib/tektoncd/tektoncd-install/base/service-account.yaml deleted file mode 100644 index f304c81edb..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/service-account.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/contrib/tektoncd/tektoncd-install/base/service.yaml b/contrib/tektoncd/tektoncd-install/base/service.yaml deleted file mode 100644 index c4690a5525..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/service.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: tekton-pipelines-controller - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-controller - name: tekton-pipelines-controller - namespace: tekton-pipelines -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - - name: probes - port: 8080 - selector: - app.kubernetes.io/component: tekton-pipelines-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - app.kubernetes.io/version: "v0.21.0" - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.21.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-webhook - name: tekton-pipelines-webhook - namespace: tekton-pipelines -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - - name: probes - port: 8080 - selector: - app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/contrib/tektoncd/tektoncd-install/base/webhook-configuration.yaml b/contrib/tektoncd/tektoncd-install/base/webhook-configuration.yaml deleted file mode 100644 index c19f273236..0000000000 --- a/contrib/tektoncd/tektoncd-install/base/webhook-configuration.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.pipeline.tekton.dev - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - pipeline.tekton.dev/release: "v0.21.0" -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: validation.webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.pipeline.tekton.dev - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - pipeline.tekton.dev/release: "v0.21.0" -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.pipeline.tekton.dev - labels: - app.kubernetes.io/component: tekton-pipelines-webhook - pipeline.tekton.dev/release: "v0.21.0" -webhooks: - - admissionReviewVersions: ["v1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: config.webhook.pipeline.tekton.dev - objectSelector: - matchLabels: - app.kubernetes.io/part-of: tekton-pipelines diff --git a/contrib/tektoncd/tektoncd-install/overlays/application/application.yaml b/contrib/tektoncd/tektoncd-install/overlays/application/application.yaml deleted file mode 100644 index 7c1ca672a4..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/application/application.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: $(generateName) -spec: - componentKinds: - - group: app.k8s.io - kind: Application - descriptor: - type: tektoncd-install - version: v1beta1 - description: installs tektoncd pipeline - maintainers: - - name: Kam Kasravi - email: kam.d.kasravi@intel.com - owners: - - name: Kam Kasravi - email: kam.d.kasravi@intel.com - keywords: - - kubeflow - links: - - description: About - url: "https://kubeflow.org" - addOwnerRef: true diff --git a/contrib/tektoncd/tektoncd-install/overlays/application/kustomization.yaml b/contrib/tektoncd/tektoncd-install/overlays/application/kustomization.yaml deleted file mode 100644 index 62926e057e..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/application/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app.kubernetes.io/component: kubeflow - app.kubernetes.io/name: tektoncd-install -configMapGenerator: -- envs: - - params.env - name: tektoncd-install-parameters -configurations: -- params.yaml -kind: Kustomization -resources: -- application.yaml -vars: -- fieldref: - fieldPath: data.generateName - name: generateName - objref: - apiVersion: v1 - kind: ConfigMap - name: tektoncd-install-parameters diff --git a/contrib/tektoncd/tektoncd-install/overlays/application/params.env b/contrib/tektoncd/tektoncd-install/overlays/application/params.env deleted file mode 100644 index 115937b9f8..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/application/params.env +++ /dev/null @@ -1 +0,0 @@ -generateName= diff --git a/contrib/tektoncd/tektoncd-install/overlays/application/params.yaml b/contrib/tektoncd/tektoncd-install/overlays/application/params.yaml deleted file mode 100644 index a8d8a85fde..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/application/params.yaml +++ /dev/null @@ -1,9 +0,0 @@ -varReference: -- path: metadata/name - kind: Application -- path: spec/selector/app.kubernetes.io\/instance - kind: Service -- path: spec/selector/matchLabels/app.kubernetes.io\/instance - kind: Deployment -- path: spec/template/metadata/labels/app.kubernetes.io\/instance - kind: Deployment diff --git a/contrib/tektoncd/tektoncd-install/overlays/istio/kustomization.yaml b/contrib/tektoncd/tektoncd-install/overlays/istio/kustomization.yaml deleted file mode 100644 index bed0d2f2bd..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/istio/kustomization.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -resources: -- virtual-service.yaml -configMapGenerator: -- name: tektoncd-install-istio-parameters - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true -vars: -- name: clusterDomain - objref: - kind: ConfigMap - name: tektoncd-install-istio-parameters - apiVersion: v1 - fieldref: - fieldpath: data.clusterDomain -- name: namespace - objref: - kind: ConfigMap - name: tektoncd-install-istio-parameters - apiVersion: v1 - fieldref: - fieldpath: data.namespace -configurations: -- params.yaml diff --git a/contrib/tektoncd/tektoncd-install/overlays/istio/params.env b/contrib/tektoncd/tektoncd-install/overlays/istio/params.env deleted file mode 100644 index 5023b1c25f..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/istio/params.env +++ /dev/null @@ -1,2 +0,0 @@ -namespace= -clusterDomain=cluster.local diff --git a/contrib/tektoncd/tektoncd-install/overlays/istio/params.yaml b/contrib/tektoncd/tektoncd-install/overlays/istio/params.yaml deleted file mode 100644 index eea869e0d4..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/istio/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/http/route/destination/host - kind: VirtualService diff --git a/contrib/tektoncd/tektoncd-install/overlays/istio/virtual-service.yaml b/contrib/tektoncd/tektoncd-install/overlays/istio/virtual-service.yaml deleted file mode 100644 index 173d7b333b..0000000000 --- a/contrib/tektoncd/tektoncd-install/overlays/istio/virtual-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: tektoncd -spec: - gateways: - - kubeflow-gateway - hosts: - - '*' - http: - - match: - - uri: - prefix: /tektoncd/ - rewrite: - uri: /tektoncd/ - route: - - destination: - host: tekton-pipelines-controller.$(namespace).svc.$(clusterDomain) - port: - number: 80 From 1ced2975b105a24fea86ea7d091296a893bbe01c Mon Sep 17 00:00:00 2001 From: "Anna Jung (VMware)" Date: Fri, 31 Mar 2023 10:18:19 -0400 Subject: [PATCH 12/12] Update README Signed-off-by: Anna Jung (VMware) --- contrib/README.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/contrib/README.md b/contrib/README.md index 642106f637..67a176415c 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -1,7 +1,4 @@ -Please note: This component is **unmaintained and out-of-date**. +The contrib directory contains third-party applications maintained externally. -If the component fails to meet the [contrib requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) - by the next Kubeflow release ([1.7](https://github.com/kubeflow/community/tree/master/releases/release-1.7#timeline)), - it will be removed from the [`manifest`](https://github.com/kubeflow/manifests) repository. - -Updates to the `/contrib` components can be found in the [tracking issue](https://github.com/kubeflow/manifests/issues/2311). \ No newline at end of file +All contrib components must meet the [requirements](https://github.com/kubeflow/manifests/blob/master/proposals/20220926-contrib-component-guidelines.md#component-requirements) + to be considered active and failure to meet them will result in deprecation and removal from the Kubeflow manifest repository. \ No newline at end of file