|
# Copyright YEAR The Jetstack cert-manager contributors.
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
# you may not use this file except in compliance with the License.
|
||
|
# You may obtain a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
# See the License for the specific language governing permissions and
|
||
|
# limitations under the License.
|
||
|
|
||
|
---
|
||
|
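# CustomResourceDefinition for the cert-manager ACME `Challenge` resource.
# This file is a template: `{{ ... }}` expressions are substituted before the
# manifest is applied.
#
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# On newer clusters this manifest is rejected and has to be ported to
# apiextensions.k8s.io/v1.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: challenges.acme.cert-manager.io
  annotations:
    # Value format is <namespace>/<secret name>. The conversion webhook in
    # this CRD sets no caBundle of its own, so the CA that the API server
    # uses to verify the webhook comes from this Secret. The namespace is
    # templated to match the webhook Service namespace used under
    # spec.conversion; a hard-coded `cert-manager` points at the wrong
    # Secret whenever cert_manager_namespace is set to something else.
    # NOTE(review): assumes the webhook CA Secret lives in the same
    # namespace as the webhook Service; confirm against the deployment.
    cert-manager.io/inject-ca-from-secret: '{{ cert_manager_namespace }}/cert-manager-webhook-ca'
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: cert-manager
    app.kubernetes.io/managed-by: Helm
    # Quoted so the rendered value is always a plain string.
    helm.sh/chart: 'cert-manager-{{ cert_manager_version }}'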
|
||
|
spec:
|
||
|
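# spec.additionalPrinterColumns: extra columns the API server returns for
# table output (e.g. `kubectl get challenges`).
additionalPrinterColumns:
  - JSONPath: .status.state
    name: State
    type: string
  - JSONPath: .spec.dnsName
    name: Domain
    type: string
  - JSONPath: .status.reason
    name: Reason
    # Columns with a priority above 0 are only shown in wide output.
    priority: 1
    type: string
  - JSONPath: .metadata.creationTimestamp
    description: CreationTimestamp is a timestamp representing the server time when
      this object was created. It is not guaranteed to be set in happens-before order
      across separate operations. Clients may not set this value. It is represented
      in RFC3339 form and is in UTC.
    name: Age
    type: date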
|
||
|
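# spec.group: API group under which the Challenge resource is served.
group: acme.cert-manager.io
# spec.preserveUnknownFields: with `false` the API server prunes fields that
# the validation schema does not declare, so undeclared data is not persisted.
preserveUnknownFields: false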
|
||
|
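# spec.conversion: how the API server converts Challenge objects between the
# versions this CRD serves.
conversion:
  # The Webhook strategy instructs the API server to call an external webhook
  # for any conversion between custom resources.
  strategy: Webhook
  # webhookClientConfig is required when strategy is `Webhook`; it configures
  # the webhook endpoint that the API server calls.
  # NOTE(review): no caBundle is set in this stanza. The API server needs one
  # to verify the webhook's serving certificate, so this manifest depends on
  # the cert-manager.io/inject-ca-from-secret annotation in metadata being
  # acted on. Confirm the CA injector is running and that the referenced
  # Secret exists in the namespace the annotation names.
  webhookClientConfig:
    service:
      namespace: '{{ cert_manager_namespace }}'
      name: 'cert-manager-webhook'
      path: /convert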
|
||
|
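# spec.names: the kind and the REST resource names for this CRD.
names:
  kind: Challenge
  listKind: ChallengeList
  plural: challenges
  singular: challenge
# Challenges are namespaced objects, so RBAC for them can be granted per
# namespace.
scope: Namespaced
# Enables the /status subresource: status is written through its own endpoint
# and can be authorized separately from the rest of the object.
subresources:
  status: {}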
|
||
|
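# spec.versions: both versions are served, and objects are persisted as
# v1alpha2 (the only entry with `storage: true`). Requests made in the other
# version go through the conversion strategy configured under spec.conversion.
versions:
  - name: v1alpha2
    served: true
    storage: true
  - name: v1alpha3
    served: true
    storage: false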
|
||
|
"validation":
|
||
|
"openAPIV3Schema":
|
||
|
description: Challenge is a type to represent a Challenge request with an ACME
|
||
|
server
|
||
|
type: object
|
||
|
required:
|
||
|
- metadata
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: 'APIVersion defines the versioned schema of this representation
|
||
|
of an object. Servers should convert recognized schemas to the latest
|
||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind is a string value representing the REST resource this
|
||
|
object represents. Servers may infer this from the endpoint the client
|
||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
metadata:
|
||
|
type: object
|
||
|
spec:
|
||
|
type: object
|
||
|
required:
|
||
|
- authzURL
|
||
|
- dnsName
|
||
|
- issuerRef
|
||
|
- key
|
||
|
- solver
|
||
|
- token
|
||
|
- type
|
||
|
- url
|
||
|
properties:
|
||
|
authzURL:
|
||
|
description: AuthzURL is the URL to the ACME Authorization resource
|
||
|
that this challenge is a part of.
|
||
|
type: string
|
||
|
dnsName:
|
||
|
description: DNSName is the identifier that this challenge is for, e.g.
|
||
|
example.com. If the requested DNSName is a 'wildcard', this field
|
||
|
MUST be set to the non-wildcard domain, e.g. for `*.example.com`,
|
||
|
it must be `example.com`.
|
||
|
type: string
|
||
|
issuerRef:
|
||
|
description: IssuerRef references a properly configured ACME-type Issuer
|
||
|
which should be used to create this Challenge. If the Issuer does
|
||
|
not exist, processing will be retried. If the Issuer is not an 'ACME'
|
||
|
Issuer, an error will be returned and the Challenge will be marked
|
||
|
as failed.
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
group:
|
||
|
type: string
|
||
|
kind:
|
||
|
type: string
|
||
|
name:
|
||
|
type: string
|
||
|
key:
|
||
|
description: 'Key is the ACME challenge key for this challenge For HTTP01
|
||
|
challenges, this is the value that must be responded with to complete
|
||
|
the HTTP01 challenge in the format: `<private key JWK thumbprint>.<key
|
||
|
from acme server for challenge>`. For DNS01 challenges, this is the
|
||
|
base64 encoded SHA256 sum of the `<private key JWK thumbprint>.<key
|
||
|
from acme server for challenge>` text that must be set as the TXT
|
||
|
record content.'
|
||
|
type: string
|
||
|
solver:
|
||
|
description: Solver contains the domain solving configuration that should
|
||
|
be used to solve this challenge resource.
|
||
|
type: object
|
||
|
properties:
|
||
|
dns01:
|
||
|
type: object
|
||
|
properties:
|
||
|
acmedns:
|
||
|
description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing
|
||
|
the configuration for ACME-DNS servers
|
||
|
type: object
|
||
|
required:
|
||
|
- accountSecretRef
|
||
|
- host
|
||
|
properties:
|
||
|
accountSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
host:
|
||
|
type: string
|
||
|
akamai:
|
||
|
description: ACMEIssuerDNS01ProviderAkamai is a structure containing
|
||
|
the DNS configuration for Akamai DNS—Zone Record Management
|
||
|
API
|
||
|
type: object
|
||
|
required:
|
||
|
- accessTokenSecretRef
|
||
|
- clientSecretSecretRef
|
||
|
- clientTokenSecretRef
|
||
|
- serviceConsumerDomain
|
||
|
properties:
|
||
|
accessTokenSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
clientSecretSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
clientTokenSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
serviceConsumerDomain:
|
||
|
type: string
|
||
|
azuredns:
|
||
|
description: ACMEIssuerDNS01ProviderAzureDNS is a structure
|
||
|
containing the configuration for Azure DNS
|
||
|
type: object
|
||
|
required:
|
||
|
- resourceGroupName
|
||
|
- subscriptionID
|
||
|
properties:
|
||
|
clientID:
|
||
|
description: if both this and ClientSecret are left unset
|
||
|
MSI will be used
|
||
|
type: string
|
||
|
clientSecretSecretRef:
|
||
|
description: if both this and ClientID are left unset MSI
|
||
|
will be used
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
environment:
|
||
|
type: string
|
||
|
enum:
|
||
|
- AzurePublicCloud
|
||
|
- AzureChinaCloud
|
||
|
- AzureGermanCloud
|
||
|
- AzureUSGovernmentCloud
|
||
|
hostedZoneName:
|
||
|
type: string
|
||
|
resourceGroupName:
|
||
|
type: string
|
||
|
subscriptionID:
|
||
|
type: string
|
||
|
tenantID:
|
||
|
description: when specifying ClientID and ClientSecret then
|
||
|
this field is also needed
|
||
|
type: string
|
||
|
clouddns:
|
||
|
description: ACMEIssuerDNS01ProviderCloudDNS is a structure
|
||
|
containing the DNS configuration for Google Cloud DNS
|
||
|
type: object
|
||
|
required:
|
||
|
- project
|
||
|
properties:
|
||
|
project:
|
||
|
type: string
|
||
|
serviceAccountSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
cloudflare:
|
||
|
description: ACMEIssuerDNS01ProviderCloudflare is a structure
|
||
|
containing the DNS configuration for Cloudflare
|
||
|
type: object
|
||
|
required:
|
||
|
- email
|
||
|
properties:
|
||
|
apiKeySecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
apiTokenSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
email:
|
||
|
type: string
|
||
|
cnameStrategy:
|
||
|
description: CNAMEStrategy configures how the DNS01 provider
|
||
|
should handle CNAME records when found in DNS zones.
|
||
|
type: string
|
||
|
enum:
|
||
|
- None
|
||
|
- Follow
|
||
|
digitalocean:
|
||
|
description: ACMEIssuerDNS01ProviderDigitalOcean is a structure
|
||
|
containing the DNS configuration for DigitalOcean Domains
|
||
|
type: object
|
||
|
required:
|
||
|
- tokenSecretRef
|
||
|
properties:
|
||
|
tokenSecretRef:
|
||
|
type: object
|
||
|
required:
|
||
|
- name
|
||
|
properties:
|
||
|
key:
|
||
|
description: The key of the secret to select from. Must
|
||
|
be a valid secret key.
|
||
|
type: string
|
||
|
name:
|
||
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
|
type: string
|
||
|
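# dns01.rfc2136: schema for the RFC2136 (dynamic DNS update) solver.
rfc2136:
  description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing
    the configuration for RFC2136 DNS
  type: object
  required:
    - nameserver
  properties:
    nameserver:
      description: The IP address or hostname of an authoritative
        DNS server supporting RFC2136 in the form host:port. If
        the host is an IPv6 address it must be enclosed in square
        brackets (e.g [2001:db8::1]) ; port is optional. This
        field is required.
      type: string
    # NOTE(review): per the description the default is HMACMD5, and the schema
    # accepts any string (no enum). HMAC-MD5 is a legacy TSIG algorithm; set
    # HMACSHA256 or HMACSHA512 explicitly in solver configuration and make
    # sure the key on the DNS server is defined with the same algorithm.
    tsigAlgorithm:
      description: 'The TSIG Algorithm configured in the DNS supporting
        RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName``
        are defined. Supported values are (case-insensitive):
        ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or
        ``HMACSHA512``.'
      type: string
    # tsigKeyName and tsigSecretSecretRef are both optional in the schema; the
    # descriptions state that each is required once the other is set. The
    # schema itself does not enforce that pairing.
    tsigKeyName:
      description: The TSIG Key name configured in the DNS. If
        ``tsigSecretSecretRef`` is defined, this field is required.
      type: string
    # The TSIG secret is referenced by Secret name and key, so the key
    # material itself is not stored in the Challenge object.
    tsigSecretSecretRef:
      description: The name of the secret containing the TSIG
        value. If ``tsigKeyName`` is defined, this field is required.
      type: object
      required:
        - name
      properties:
        key:
          description: The key of the secret to select from. Must
            be a valid secret key.
          type: string
        name:
          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
            TODO: Add other useful fields. apiVersion, kind, uid?'
          type: string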
|
||
|
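# dns01.route53: schema for the AWS Route 53 solver.
route53:
  description: ACMEIssuerDNS01ProviderRoute53 is a structure containing
    the Route 53 configuration for AWS
  type: object
  required:
    - region
  properties:
    # The access key ID is stored inline as a plain string; only the secret
    # access key below is taken from a Secret.
    # NOTE(review): per the descriptions, leaving both unset falls back to
    # ambient credentials (env vars, shared credentials file, instance
    # metadata). Whatever identity those resolve to should be limited to the
    # Route 53 permissions the solver needs.
    accessKeyID:
      description: 'The AccessKeyID is used for authentication.
        If not set we fall-back to using env vars, shared credentials
        file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
      type: string
    # Pins the solver to one hosted zone and skips the by-name zone lookup.
    hostedZoneID:
      description: If set, the provider will manage only this
        zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName
        api call.
      type: string
    region:
      description: Always set the region when using AccessKeyID
        and SecretAccessKey
      type: string
    # Optional role ARN that the solver assumes, using either the explicit
    # or the ambient credentials.
    role:
      description: Role is a Role ARN which the Route53 provider
        will assume using either the explicit credentials AccessKeyID/SecretAccessKey
        or the inferred credentials from environment variables,
        shared credentials file or AWS Instance metadata
      type: string
    # Referenced by Secret name and key, so the secret access key is not
    # stored in the Challenge object.
    secretAccessKeySecretRef:
      description: The SecretAccessKey is used for authentication.
        If not set we fall-back to using env vars, shared credentials
        file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
      type: object
      required:
        - name
      properties:
        key:
          description: The key of the secret to select from. Must
            be a valid secret key.
          type: string
        name:
          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
            TODO: Add other useful fields. apiVersion, kind, uid?'
          type: string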
|
||
|
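# dns01.webhook: schema for an out-of-tree DNS01 solver reached through a
# webhook API server.
webhook:
  description: ACMEIssuerDNS01ProviderWebhook specifies configuration
    for a webhook DNS01 provider, including where to POST ChallengePayload
    resources.
  type: object
  required:
    - groupName
    - solverName
  properties:
    # x-kubernetes-preserve-unknown-fields exempts this subtree from pruning,
    # and no type or properties are declared, so arbitrary JSON is stored
    # as-is in the Challenge object and is readable by anyone who can read
    # Challenges. Keep credentials out of it, as the description says, and
    # reference a Secret instead.
    config:
      description: Additional configuration that should be passed
        to the webhook apiserver when challenges are processed.
        This can contain arbitrary JSON data. Secret values should
        not be specified in this stanza. If secret values are
        needed (e.g. credentials for a DNS service), you should
        use a SecretKeySelector to reference a Secret resource.
        For details on the schema of this field, consult the webhook
        provider implementation's documentation.
      x-kubernetes-preserve-unknown-fields: true
    groupName:
      description: The API group name that should be used when
        POSTing ChallengePayload resources to the webhook apiserver.
        This should be the same as the GroupName specified in
        the webhook provider implementation.
      type: string
    solverName:
      description: The name of the solver to use, as defined in
        the webhook provider implementation. This will typically
        be the name of the provider, e.g. 'cloudflare'.
      type: string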
|
||
|
http01:
|
||
|
description: ACMEChallengeSolverHTTP01 contains configuration detailing
|
||
|
how to solve HTTP01 challenges within a Kubernetes cluster. Typically
|
||
|
this is accomplished through creating 'routes' of some description
|
||
|
that configure ingress controllers to direct traffic to 'solver
|
||
|
pods', which are responsible for responding to the ACME server's
|
||
|
HTTP requests.
|
||
|
type: object
|
||
|
properties:
|
||
|
ingress:
|
||
|
description: The ingress based HTTP01 challenge solver will
|
||
|
solve challenges by creating or modifying Ingress resources
|
||
|
in order to route requests for '/.well-known/acme-challenge/XYZ'
|
||
|
to 'challenge solver' pods that are provisioned by cert-manager
|
||
|
for each Challenge to be completed.
|
||
|
type: object
|
||
|
properties:
|
||
|
class:
|
||
|
description: The ingress class to use when creating Ingress
|
||
|
resources to solve ACME challenges that use this challenge
|
||
|
solver. Only one of 'class' or 'name' may be specified.
|
||
|
type: string
|
||
|
ingressTemplate:
|
||
|
description: Optional ingress template used to configure
|
||
|
the ACME challenge solver ingress used for HTTP01 challenges
|
||
|
type: object
|
||
|
properties:
|
||
|
metadata:
|
||
|
description: ObjectMeta overrides for the ingress used
|
||
|
to solve HTTP01 challenges. Only the 'labels' and
|
||
|
'annotations' fields may be set. If labels or annotations
|
||
|
overlap with in-built values, the values here will
|
||
|
override the in-built values.
|
||
|
type: object
|
||
|
properties:
|
||
|
annotations:
|
||
|
description: Annotations that should be added to
|
||
|
the created ACME HTTP01 solver ingress.
|
||
|
type: object
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
labels:
|
||
|
description: Labels that should be added to the
|
||
|
created ACME HTTP01 solver ingress.
|
||
|
type: object
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
name:
|
||
|
description: The name of the ingress resource that should
|
||
|
have ACME challenge solving routes inserted into it in
|
||
|
order to solve HTTP01 challenges. This is typically used
|
||
|
in conjunction with ingress controllers like ingress-gce,
|
||
|
which maintains a 1:1 mapping between external IPs and
|
||
|
ingress resources.
|
||
|
type: string
|
||
|
podTemplate:
|
||
|
description: Optional pod template used to configure the
|
||
|
ACME challenge solver pods used for HTTP01 challenges
|
||
|
type: object
|
||
|
properties:
|
||
|
metadata:
|
||
|
description: ObjectMeta overrides for the pod used to
|
||
|
solve HTTP01 challenges. Only the 'labels' and 'annotations'
|
||
|
fields may be set. If labels or annotations overlap
|
||
|
with in-built values, the values here will override
|
||
|
the in-built values.
|
||
|
type: object
|
||
|
properties:
|
||
|
annotations:
|
||
|
description: Annotations that should be added to
|
||
|
the create ACME HTTP01 solver pods.
|
||
|
type: object
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
labels:
|
||
|
description: Labels that should be added to the
|
||
|
created ACME HTTP01 solver pods.
|
||
|
type: object
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
spec:
|
||
|
description: PodSpec defines overrides for the HTTP01
|
||
|
challenge solver pod. Only the 'nodeSelector', 'affinity'
|
||
|
and 'tolerations' fields are supported currently.
|
||
|
All other fields will be ignored.
|
||
|
type: object
|
||
|
properties:
|
||
|
affinity:
|
||
|
description: If specified, the pod's scheduling
|
||
|
constraints
|
||
|
type: object
|
||
|
properties:
|
||
|
nodeAffinity:
|
||
|
description: Describes node affinity scheduling
|
||
|
rules for the pod.
|
||
|
type: object
|
||
|
properties:
|
||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||
|
description: The scheduler will prefer to
|
||
|
schedule pods to nodes that satisfy the
|
||
|
affinity expressions specified by this
|
||
|
field, but it may choose a node that violates
|
||
|
one or more of the expressions. The node
|
||
|
that is most preferred is the one with
|
||
|
the greatest sum of weights, i.e. for
|
||
|
each node that meets all of the scheduling
|
||
|
requirements (resource request, requiredDuringScheduling
|
||
|
affinity expressions, etc.), compute a
|
||
|
sum by iterating through the elements
|
||
|
of this field and adding "weight" to the
|
||
|
sum if the node matches the corresponding
|
||
|
matchExpressions; the node(s) with the
|
||
|
highest sum are the most preferred.
|
||
|
type: array
|
||
|
items:
|
||
|
description: An empty preferred scheduling
|
||
|
term matches all objects with implicit
|
||
|
weight 0 (i.e. it's a no-op). A null
|
||
|
preferred scheduling term matches no
|
||
|
objects (i.e. is also a no-op).
|
||
|
type: object
|
||
|
required:
|
||
|
- preference
|
||
|
- weight
|
||
|
properties:
|
||
|
preference:
|
||
|
description: A node selector term,
|
||
|
associated with the corresponding
|
||
|
weight.
|
||
|
type: object
|
||
|
properties:
|
||
|
matchExpressions:
|
||
|
description: A list of node selector
|
||
|
requirements by node's labels.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A node selector
|
||
|
requirement is a selector
|
||
|
that contains values, a key,
|
||
|
and an operator that relates
|
||
|
the key and values.
|
||
|
type: object
|
||
|
required:
|
||
|
- key
|
||
|
- operator
|
||
|
properties:
|
||
|
key:
|
||
|
description: The label key
|
||
|
that the selector applies
|
||
|
to.
|
||
|
type: string
|
||
|
operator:
|
||
|
description: Represents
|
||
|
a key's relationship to
|
||
|
a set of values. Valid
|
||
|
operators are In, NotIn,
|
||
|
Exists, DoesNotExist.
|
||
|
Gt, and Lt.
|
||
|
type: string
|
||
|
values:
|
||
|
description: An array of
|
||
|
string values. If the
|
||
|
operator is In or NotIn,
|
||
|
the values array must
|
||
|
be non-empty. If the operator
|
||
|
is Exists or DoesNotExist,
|
||
|
the values array must
|
||
|
be empty. If the operator
|
||
|
is Gt or Lt, the values
|
||
|
array must have a single
|
||
|
element, which will be
|
||
|
interpreted as an integer.
|
||
|
This array is replaced
|
||
|
during a strategic merge
|
||
|
patch.
|
||
|
type: array
|
||
|
items:
|
||
|
type: string
|
||
|
matchFields:
|
||
|
description: A list of node selector
|
||
|
requirements by node's fields.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A node selector
|
||
|
requirement is a selector
|
||
|
that contains values, a key,
|
||
|
and an operator that relates
|
||
|
the key and values.
|
||
|
type: object
|
||
|
required:
|
||
|
- key
|
||
|
- operator
|
||
|
properties:
|
||
|
key:
|
||
|
description: The label key
|
||
|
that the selector applies
|
||
|
to.
|
||
|
type: string
|
||
|
operator:
|
||
|
description: Represents
|
||
|
a key's relationship to
|
||
|
a set of values. Valid
|
||
|
operators are In, NotIn,
|
||
|
Exists, DoesNotExist.
|
||
|
Gt, and Lt.
|
||
|
type: string
|
||
|
values:
|
||
|
description: An array of
|
||
|
string values. If the
|
||
|
operator is In or NotIn,
|
||
|
the values array must
|
||
|
be non-empty. If the operator
|
||
|
is Exists or DoesNotExist,
|
||
|
the values array must
|
||
|
be empty. If the operator
|
||
|
is Gt or Lt, the values
|
||
|
array must have a single
|
||
|
element, which will be
|
||
|
interpreted as an integer.
|
||
|
This array is replaced
|
||
|
during a strategic merge
|
||
|
patch.
|
||
|
type: array
|
||
|
items:
|
||
|
type: string
|
||
|
weight:
|
||
|
description: Weight associated with
|
||
|
matching the corresponding nodeSelectorTerm,
|
||
|
in the range 1-100.
|
||
|
type: integer
|
||
|
format: int32
|
||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||
|
description: If the affinity requirements
|
||
|
specified by this field are not met at
|
||
|
scheduling time, the pod will not be scheduled
|
||
|
onto the node. If the affinity requirements
|
||
|
specified by this field cease to be met
|
||
|
at some point during pod execution (e.g.
|
||
|
due to an update), the system may or may
|
||
|
not try to eventually evict the pod from
|
||
|
its node.
|
||
|
type: object
|
||
|
required:
|
||
|
- nodeSelectorTerms
|
||
|
properties:
|
||
|
nodeSelectorTerms:
|
||
|
description: Required. A list of node
|
||
|
selector terms. The terms are ORed.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A null or empty node
|
||
|
selector term matches no objects.
|
||
|
The requirements of them are ANDed.
|
||
|
The TopologySelectorTerm type implements
|
||
|
a subset of the NodeSelectorTerm.
|
||
|
type: object
|
||
|
properties:
|
||
|
matchExpressions:
|
||
|
description: A list of node selector
|
||
|
requirements by node's labels.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A node selector
|
||
|
requirement is a selector
|
||
|
that contains values, a key,
|
||
|
and an operator that relates
|
||
|
the key and values.
|
||
|
type: object
|
||
|
required:
|
||
|
- key
|
||
|
- operator
|
||
|
properties:
|
||
|
key:
|
||
|
description: The label key
|
||
|
that the selector applies
|
||
|
to.
|
||
|
type: string
|
||
|
operator:
|
||
|
description: Represents
|
||
|
a key's relationship to
|
||
|
a set of values. Valid
|
||
|
operators are In, NotIn,
|
||
|
Exists, DoesNotExist.
|
||
|
Gt, and Lt.
|
||
|
type: string
|
||
|
values:
|
||
|
description: An array of
|
||
|
string values. If the
|
||
|
operator is In or NotIn,
|
||
|
the values array must
|
||
|
be non-empty. If the operator
|
||
|
is Exists or DoesNotExist,
|
||
|
the values array must
|
||
|
be empty. If the operator
|
||
|
is Gt or Lt, the values
|
||
|
array must have a single
|
||
|
element, which will be
|
||
|
interpreted as an integer.
|
||
|
This array is replaced
|
||
|
during a strategic merge
|
||
|
patch.
|
||
|
type: array
|
||
|
items:
|
||
|
type: string
|
||
|
matchFields:
|
||
|
description: A list of node selector
|
||
|
requirements by node's fields.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A node selector
|
||
|
requirement is a selector
|
||
|
that contains values, a key,
|
||
|
and an operator that relates
|
||
|
the key and values.
|
||
|
type: object
|
||
|
required:
|
||
|
- key
|
||
|
- operator
|
||
|
properties:
|
||
|
key:
|
||
|
description: The label key
|
||
|
that the selector applies
|
||
|
to.
|
||
|
type: string
|
||
|
operator:
|
||
|
description: Represents
|
||
|
a key's relationship to
|
||
|
a set of values. Valid
|
||
|
operators are In, NotIn,
|
||
|
Exists, DoesNotExist.
|
||
|
Gt, and Lt.
|
||
|
type: string
|
||
|
values:
|
||
|
description: An array of
|
||
|
string values. If the
|
||
|
operator is In or NotIn,
|
||
|
the values array must
|
||
|
be non-empty. If the operator
|
||
|
is Exists or DoesNotExist,
|
||
|
the values array must
|
||
|
be empty. If the operator
|
||
|
is Gt or Lt, the values
|
||
|
array must have a single
|
||
|
element, which will be
|
||
|
interpreted as an integer.
|
||
|
This array is replaced
|
||
|
during a strategic merge
|
||
|
patch.
|
||
|
type: array
|
||
|
items:
|
||
|
type: string
|
||
|
podAffinity:
|
||
|
description: Describes pod affinity scheduling
|
||
|
rules (e.g. co-locate this pod in the same
|
||
|
node, zone, etc. as some other pod(s)).
|
||
|
type: object
|
||
|
properties:
|
||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||
|
description: The scheduler will prefer to
|
||
|
schedule pods to nodes that satisfy the
|
||
|
affinity expressions specified by this
|
||
|
field, but it may choose a node that violates
|
||
|
one or more of the expressions. The node
|
||
|
that is most preferred is the one with
|
||
|
the greatest sum of weights, i.e. for
|
||
|
each node that meets all of the scheduling
|
||
|
requirements (resource request, requiredDuringScheduling
|
||
|
affinity expressions, etc.), compute a
|
||
|
sum by iterating through the elements
|
||
|
of this field and adding "weight" to the
|
||
|
sum if the node has pods which matches
|
||
|
the corresponding podAffinityTerm; the
|
||
|
node(s) with the highest sum are the most
|
||
|
preferred.
|
||
|
type: array
|
||
|
items:
|
||
|
description: The weights of all of the
|
||
|
matched WeightedPodAffinityTerm fields
|
||
|
are added per-node to find the most
|
||
|
preferred node(s)
|
||
|
type: object
|
||
|
required:
|
||
|
- podAffinityTerm
|
||
|
- weight
|
||
|
properties:
|
||
|
podAffinityTerm:
|
||
|
description: Required. A pod affinity
|
||
|
term, associated with the corresponding
|
||
|
weight.
|
||
|
type: object
|
||
|
required:
|
||
|
- topologyKey
|
||
|
properties:
|
||
|
labelSelector:
|
||
|
description: A label query over
|
||
|
a set of resources, in this
|
||
|
case pods.
|
||
|
type: object
|
||
|
properties:
|
||
|
matchExpressions:
|
||
|
description: matchExpressions
|
||
|
is a list of label selector
|
||
|
requirements. The requirements
|
||
|
are ANDed.
|
||
|
type: array
|
||
|
items:
|
||
|
description: A label selector
|
||
|
requirement is a selector
|
||
|
that contains values,
|
||
|
a key, and an operator
|
||
|
that relates the key and
|
||
|
values.
|
||
|
type: object
|
||
|
required:
|
||
|
- key
|
||
|
- operator
|
||
|
properties:
|
||
|
key:
|
||
|
description: key is
|
||
|
the label key that
|
||
|
the selector applies
|
||
|
to.
|
||
|
type: string
|
||
|
operator:
|
||
|
description: operator
|
||
|
represents a key's
|
||
|
relationship to a
|
||
|
set of values. Valid
|
||
|
operators are In,
|
||
|
NotIn, Exists and
|
||
|
DoesNotExist.
|
||
|
type: string
|
||
|
values:
|
||
|
description: values
|
||
|
is an array of string
|
||
|
values. If the operator
|
||
|
is In or NotIn, the
|
||
|
values array must
|
||
|
be non-empty. If the
|
||
|
operator is Exists
|
||
|
or DoesNotExist, the
|
||
|
values array must
|
||
|
be empty. This array
|
||
|
is replaced during
|
||
|
a strategic merge
|
||
|
patch.
|
||
|
type: array
|
||
|
items:
|
||
|
type: string
|
||
|
matchLabels:
|
||
|
description: matchLabels is
|
||
|
a map of {key,value} pairs.
|
||
|
A single {key,value} in
|
||
|
the matchLabels map is equivalent
|
||
|
to an element of matchExpressions,
|
||
|
whose key field is "key",
|
||
|
the operator is "In", and
|
||
|
the values array contains
|
||
|
only "value". The requirements
|
||
|
are ANDed.
|
||
|
type: object
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
# Namespace scope of the label selector; per the description, null or empty means the pod's own
# namespace.
namespaces:
  description: >-
    namespaces specifies which namespaces the labelSelector applies to (matches against); null
    or empty list means "this pod's namespace"
  type: array
  items:
    type: string
# Node label key that defines "co-located". The description forbids an empty value, but this
# schema only declares the field as a string.
topologyKey:
  description: >-
    This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods
    matching the labelSelector in the specified namespaces, where co-located is defined as
    running on a node whose value of the label with key topologyKey matches that of any node
    on which any of the selected pods is running. Empty topologyKey is not allowed.
  type: string
# The 1-100 range is stated in the description only; no minimum/maximum is declared here.
weight:
  description: >-
    weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
  type: integer
  format: int32
# NOTE(review): nesting rebuilt from key order; this listing carries no indentation.
# Hard affinity rule: checked at scheduling time. Per the description the system "may or may
# not" evict later, so the rule is not guaranteed to keep holding while the pod runs.
requiredDuringSchedulingIgnoredDuringExecution:
  description: >-
    If the affinity requirements specified by this field are not met at scheduling time, the
    pod will not be scheduled onto the node. If the affinity requirements specified by this
    field cease to be met at some point during pod execution (e.g. due to a pod label update),
    the system may or may not try to eventually evict the pod from its node. When there are
    multiple elements, the lists of nodes corresponding to each podAffinityTerm are
    intersected, i.e. all terms must be satisfied.
  type: array
  items:
    description: >-
      Defines a set of pods (namely those matching the labelSelector relative to the given
      namespace(s)) that this pod should be co-located (affinity) or not co-located
      (anti-affinity) with, where co-located is defined as running on a node whose value of
      the label with key <topologyKey> matches that of any node on which a pod of the set of
      pods is running
    type: object
    required:
      - topologyKey
    properties:
      labelSelector:
        description: A label query over a set of resources, in this case pods.
        type: object
        properties:
          matchExpressions:
            description: >-
              matchExpressions is a list of label selector requirements. The requirements are
              ANDed.
            type: array
            items:
              description: >-
                A label selector requirement is a selector that contains values, a key, and an
                operator that relates the key and values.
              type: object
              required:
                - key
                - operator
              properties:
                key:
                  description: key is the label key that the selector applies to.
                  type: string
                operator:
                  # Valid operators are named in the description only; no enum is declared.
                  description: >-
                    operator represents a key's relationship to a set of values. Valid
                    operators are In, NotIn, Exists and DoesNotExist.
                  type: string
                values:
                  description: >-
                    values is an array of string values. If the operator is In or NotIn, the
                    values array must be non-empty. If the operator is Exists or DoesNotExist,
                    the values array must be empty. This array is replaced during a strategic
                    merge patch.
                  type: array
                  items:
                    type: string
          matchLabels:
            description: >-
              matchLabels is a map of {key,value} pairs. A single {key,value} in the
              matchLabels map is equivalent to an element of matchExpressions, whose key field
              is "key", the operator is "In", and the values array contains only "value". The
              requirements are ANDed.
            type: object
            additionalProperties:
              type: string
      namespaces:
        description: >-
          namespaces specifies which namespaces the labelSelector applies to (matches
          against); null or empty list means "this pod's namespace"
        type: array
        items:
          type: string
      topologyKey:
        description: >-
          This pod should be co-located (affinity) or not co-located (anti-affinity) with the
          pods matching the labelSelector in the specified namespaces, where co-located is
          defined as running on a node whose value of the label with key topologyKey matches
          that of any node on which any of the selected pods is running. Empty topologyKey is
          not allowed.
        type: string
# NOTE(review): nesting rebuilt from key order; this listing carries no indentation.
# Anti-affinity is a scheduling rule, not an isolation control: the "preferred" form may be
# violated by the scheduler, and the "required" form is only certain at scheduling time.
podAntiAffinity:
  description: >-
    Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same
    node, zone, etc. as some other pod(s)).
  type: object
  properties:
    # Soft rule: weighted preference that the scheduler is allowed to violate.
    preferredDuringSchedulingIgnoredDuringExecution:
      description: >-
        The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity
        expressions specified by this field, but it may choose a node that violates one or
        more of the expressions. The node that is most preferred is the one with the greatest
        sum of weights, i.e. for each node that meets all of the scheduling requirements
        (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute
        a sum by iterating through the elements of this field and adding "weight" to the sum
        if the node has pods which matches the corresponding podAffinityTerm; the node(s) with
        the highest sum are the most preferred.
      type: array
      items:
        description: >-
          The weights of all of the matched WeightedPodAffinityTerm fields are added per-node
          to find the most preferred node(s)
        type: object
        required:
          - podAffinityTerm
          - weight
        properties:
          podAffinityTerm:
            description: Required. A pod affinity term, associated with the corresponding weight.
            type: object
            required:
              - topologyKey
            properties:
              labelSelector:
                description: A label query over a set of resources, in this case pods.
                type: object
                properties:
                  matchExpressions:
                    description: >-
                      matchExpressions is a list of label selector requirements. The
                      requirements are ANDed.
                    type: array
                    items:
                      description: >-
                        A label selector requirement is a selector that contains values, a
                        key, and an operator that relates the key and values.
                      type: object
                      required:
                        - key
                        - operator
                      properties:
                        key:
                          description: key is the label key that the selector applies to.
                          type: string
                        operator:
                          # Valid operators are named in the description only; no enum here.
                          description: >-
                            operator represents a key's relationship to a set of values. Valid
                            operators are In, NotIn, Exists and DoesNotExist.
                          type: string
                        values:
                          description: >-
                            values is an array of string values. If the operator is In or
                            NotIn, the values array must be non-empty. If the operator is
                            Exists or DoesNotExist, the values array must be empty. This array
                            is replaced during a strategic merge patch.
                          type: array
                          items:
                            type: string
                  matchLabels:
                    description: >-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the
                      matchLabels map is equivalent to an element of matchExpressions, whose
                      key field is "key", the operator is "In", and the values array contains
                      only "value". The requirements are ANDed.
                    type: object
                    additionalProperties:
                      type: string
              namespaces:
                description: >-
                  namespaces specifies which namespaces the labelSelector applies to (matches
                  against); null or empty list means "this pod's namespace"
                type: array
                items:
                  type: string
              topologyKey:
                description: >-
                  This pod should be co-located (affinity) or not co-located (anti-affinity)
                  with the pods matching the labelSelector in the specified namespaces, where
                  co-located is defined as running on a node whose value of the label with key
                  topologyKey matches that of any node on which any of the selected pods is
                  running. Empty topologyKey is not allowed.
                type: string
          weight:
            # The 1-100 range is stated in the description only; no minimum/maximum here.
            description: >-
              weight associated with matching the corresponding podAffinityTerm, in the range
              1-100.
            type: integer
            format: int32
    # Hard rule at scheduling time; later eviction is described as "may or may not" happen.
    requiredDuringSchedulingIgnoredDuringExecution:
      description: >-
        If the anti-affinity requirements specified by this field are not met at scheduling
        time, the pod will not be scheduled onto the node. If the anti-affinity requirements
        specified by this field cease to be met at some point during pod execution (e.g. due
        to a pod label update), the system may or may not try to eventually evict the pod from
        its node. When there are multiple elements, the lists of nodes corresponding to each
        podAffinityTerm are intersected, i.e. all terms must be satisfied.
      type: array
      items:
        description: >-
          Defines a set of pods (namely those matching the labelSelector relative to the given
          namespace(s)) that this pod should be co-located (affinity) or not co-located
          (anti-affinity) with, where co-located is defined as running on a node whose value
          of the label with key <topologyKey> matches that of any node on which a pod of the
          set of pods is running
        type: object
        required:
          - topologyKey
        properties:
          labelSelector:
            description: A label query over a set of resources, in this case pods.
            type: object
            properties:
              matchExpressions:
                description: >-
                  matchExpressions is a list of label selector requirements. The requirements
                  are ANDed.
                type: array
                items:
                  description: >-
                    A label selector requirement is a selector that contains values, a key,
                    and an operator that relates the key and values.
                  type: object
                  required:
                    - key
                    - operator
                  properties:
                    key:
                      description: key is the label key that the selector applies to.
                      type: string
                    operator:
                      # Valid operators are named in the description only; no enum here.
                      description: >-
                        operator represents a key's relationship to a set of values. Valid
                        operators are In, NotIn, Exists and DoesNotExist.
                      type: string
                    values:
                      description: >-
                        values is an array of string values. If the operator is In or NotIn,
                        the values array must be non-empty. If the operator is Exists or
                        DoesNotExist, the values array must be empty. This array is replaced
                        during a strategic merge patch.
                      type: array
                      items:
                        type: string
              matchLabels:
                description: >-
                  matchLabels is a map of {key,value} pairs. A single {key,value} in the
                  matchLabels map is equivalent to an element of matchExpressions, whose key
                  field is "key", the operator is "In", and the values array contains only
                  "value". The requirements are ANDed.
                type: object
                additionalProperties:
                  type: string
          namespaces:
            description: >-
              namespaces specifies which namespaces the labelSelector applies to (matches
              against); null or empty list means "this pod's namespace"
            type: array
            items:
              type: string
          topologyKey:
            description: >-
              This pod should be co-located (affinity) or not co-located (anti-affinity) with
              the pods matching the labelSelector in the specified namespaces, where
              co-located is defined as running on a node whose value of the label with key
              topologyKey matches that of any node on which any of the selected pods is
              running. Empty topologyKey is not allowed.
            type: string
# Free-form string-to-string map of node labels that must match for the pod to be scheduled.
nodeSelector:
  description: >-
    NodeSelector is a selector which must be true for the pod to fit on a node. Selector which
    must match a node's labels for the pod to be scheduled on that node. More info:
    https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  type: object
  additionalProperties:
    type: string
# NOTE(review): nesting rebuilt from key order; this listing carries no indentation.
# No field of a toleration is marked required, and effect/operator are plain strings here: the
# allowed values are named in the descriptions only.
tolerations:
  description: If specified, the pod's tolerations.
  type: array
  items:
    description: >-
      The pod this Toleration is attached to tolerates any taint that matches the triple
      <key,value,effect> using the matching operator <operator>.
    type: object
    properties:
      effect:
        description: >-
          Effect indicates the taint effect to match. Empty means match all taint effects.
          When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
        type: string
      key:
        # An empty key with operator Exists tolerates every taint, so a pod carrying it is not
        # kept off any tainted node; worth checking for when reviewing solver pod templates.
        description: >-
          Key is the taint key that the toleration applies to. Empty means match all taint
          keys. If the key is empty, operator must be Exists; this combination means to match
          all values and all keys.
        type: string
      operator:
        description: >-
          Operator represents a key's relationship to the value. Valid operators are Exists
          and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a
          pod can tolerate all taints of a particular category.
        type: string
      tolerationSeconds:
        # Unset means the taint is tolerated forever; zero or negative means evict immediately.
        description: >-
          TolerationSeconds represents the period of time the toleration (which must be of
          effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
          it is not set, which means tolerate the taint forever (do not evict). Zero and
          negative values will be treated as 0 (evict immediately) by the system.
        type: integer
        format: int64
      value:
        description: >-
          Value is the taint value the toleration matches to. If the operator is Exists, the
          value should be empty, otherwise just a regular string.
        type: string
# Free-form string in this schema (no enum). Presumably handed to the solver Service as its
# type, which would decide how reachable that Service is; confirm against the controller.
serviceType:
  description: Optional service type for Kubernetes solver service
  type: string
# NOTE(review): nesting rebuilt from key order; this listing carries no indentation.
# Solver choice, per the descriptions below: a dnsNames match beats a dnsZones match, the most
# specific zone beats a broader one, ties go to the solver with more matching matchLabels, and
# after that to the solver listed first.
selector:
  description: >-
    Selector selects a set of DNSNames on the Certificate resource that should be solved using
    this challenge solver.
  type: object
  properties:
    dnsNames:
      description: >-
        List of DNSNames that this solver will be used to solve. If specified and a match is
        found, a dnsNames selector will take precedence over a dnsZones selector. If multiple
        solvers match with the same dnsNames value, the solver with the most matching labels
        in matchLabels will be selected. If neither has more matches, the solver defined
        earlier in the list will be selected.
      type: array
      items:
        type: string
    dnsZones:
      description: >-
        List of DNSZones that this solver will be used to solve. The most specific DNS zone
        match specified here will take precedence over other DNS zone matches, so a solver
        specifying sys.example.com will be selected over one specifying example.com for the
        domain www.sys.example.com. If multiple solvers match with the same dnsZones value,
        the solver with the most matching labels in matchLabels will be selected. If neither
        has more matches, the solver defined earlier in the list will be selected.
      type: array
      items:
        type: string
    matchLabels:
      description: >-
        A label selector that is used to refine the set of certificate's that this challenge
        solver will apply to.
      type: object
      additionalProperties:
        type: string
# Kept as a plain string on the Challenge object, so it is visible to any principal that is
# allowed to read Challenge resources.
token:
  description: >-
    Token is the ACME challenge token for this challenge. This is the raw value returned from
    the ACME server.
  type: string
# The example values come from the description; no enum restricts this field in the schema.
type:
  description: >-
    Type is the type of ACME challenge this resource represents, e.g. "dns01" or "http01".
  type: string
url:
  description: >-
    URL is the URL of the ACME Challenge resource for this challenge. This can be used to
    lookup details about the status of this challenge.
  type: string
wildcard:
  description: >-
    Wildcard will be true if this challenge is for a wildcard identifier, for example
    '*.example.com'.
  type: boolean
# NOTE(review): nesting rebuilt from key order; this listing carries no indentation.
status:
  type: object
  properties:
    # presented=true only records that the challenge values were submitted; per the description
    # it does not mean the self check passed, so it must not be read as validation success.
    presented:
      description: >-
        Presented will be set to true if the challenge values for this challenge are currently
        'presented'. This *does not* imply the self check is passing. Only that the values
        have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT
        record has been presented, or the HTTP01 configuration has been configured).
      type: boolean
    # Set to true by the 'scheduling' component and to false by the 'challenges' controller.
    processing:
      description: >-
        Processing is used to denote whether this challenge should be processed or not. This
        field will only be set to true by the 'scheduling' component. It will only be set to
        false by the 'challenges' controller, after the challenge has reached a final state or
        timed out. If this field is set to false, the challenge controller will not take any
        more action.
      type: boolean
    reason:
      description: >-
        Reason contains human readable information on why the Challenge is in the current
        state.
      type: string
    # Closed set of values; an absent state means the state is unknown.
    state:
      description: >-
        State contains the current 'state' of the challenge. If not set, the state of the
        challenge is unknown.
      type: string
      enum:
        - valid
        - ready
        - pending
        - processing
        - invalid
        - expired
        - errored