Skip to content

Instantly share code, notes, and snippets.

@tamalsaha

tamalsaha/voyager-ingress-12.0-crd.yaml

Created October 13, 2021 05:38
Show Gist options
  • Save tamalsaha/001800759bc822db667eb251b270e9a2 to your computer and use it in GitHub Desktop.
Save tamalsaha/001800759bc822db667eb251b270e9a2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
voyager-ingress-12.0-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: "2021-10-13T05:37:40Z"
generation: 1
labels:
app.kubernetes.io/name: voyager
name: ingresses.voyager.appscode.com
resourceVersion: "652"
uid: 9490bbc8-8bc2-4e25-8af4-9dbebcb34d10
spec:
conversion:
strategy: None
group: voyager.appscode.com
names:
categories:
- networking
- appscode
- all
kind: Ingress
listKind: IngressList
plural: ingresses
shortNames:
- ing
singular: ingress
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.rules[0].host
name: Hosts
type: string
- jsonPath: .status.loadBalancer.ingress
name: LOAD_BALANCER_IP
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressSpec describes the Ingress the user wishes to exist.
properties:
affinity:
description: If specified, the pod's scheduling constraints
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
backend:
description: A default backend capable of servicing requests that
don't match any rule. At least one of 'backend' or 'rules' must
be specified. This field is optional to allow the loadbalancer controller
or defaulting logic to specify a global default.
properties:
alpn:
description: Application-Layer Protocol Negotiation (ALPN) is
a Transport Layer Security (TLS) extension for application layer
protocol negotiation. ALPN allows the application layer to negotiate
which protocol should be performed over a secure connection
in a manner which avoids additional round trips and which is
independent of the application layer protocols. It is used by
HTTP/2. If provided a list of alpn will be added to port as
alpn option1,option2,... If SecretName is Provided this secret
will be used to terminate SSL with alpn options. If Secret name
is not provided backend server is responsible for handling SSL.
Note that, the order of the options indicates the preference
If the ALPN list contains "h2", "option http-use-htx" will
be added to enable HTX mode https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
items:
type: string
type: array
backendRules:
description: Serialized HAProxy rules to apply on server backend
including request, response or header rewrite. acls also can
be used. https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
items:
type: string
type: array
headerRules:
description: "Header rules to modifies the header. \n Deprecated:
Use backendRule, will be removed."
items:
type: string
type: array
hostNames:
description: Host names to forward traffic to. If empty traffic
will be forwarded to all subsets instance. If set only matched
hosts will get the traffic. This is an handy way to send traffic
to Specific StatefulSet pod. IE. Setting [web-0] will send traffic
to only web-0 host for this StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
items:
type: string
type: array
loadBalanceOn:
description: Define the load balancing algorithm to be used in
a backend. https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
type: string
name:
description: User can specify backend name for using it with custom
acl Otherwise it will be generated
type: string
proto:
description: HTTP protocol to use If the Proto contains "h2", "option
http-use-htx" will be added to enable HTX mode https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
type: string
rewriteRules:
description: "Path rewrite rules with haproxy formatted regex.
\n Deprecated: Use backendRule, will be removed."
items:
type: string
type: array
serviceName:
description: Specifies the name of the referenced service.
type: string
servicePort:
anyOf:
- type: integer
- type: string
description: Specifies the port of the referenced service.
x-kubernetes-int-or-string: true
type: object
configVolumes:
description: Config volumes are used to mount any secret or configmap
into HAProxy pods.
items:
description: Represents the source of a volume to mount. Only one
of its members may be specified.
properties:
configMap:
description: ConfigMap represents a configMap that should populate
this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the ConfigMap, the volume setup will error unless it is
marked optional. Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its keys must
be defined
type: boolean
type: object
mountPath:
description: Path within the container at which the volume should
be mounted. Must not contain ':'.
type: string
name:
type: string
projected:
description: Items for all in one resources secrets, configmaps,
and downward API
properties:
defaultMode:
description: Mode bits to use on created files by default.
Must be a value between 0 and 0777. Directories within
the path are not affected by this setting. This might
be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits
set.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
description: information about the configMap data
to project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the ConfigMap, the volume
setup will error unless it is marked optional.
Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI data
to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of,
defaults to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must
not be absolute or contain the ''..''
path. Must be utf-8 encoded. The first
item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
description: Specifies the output format
of the exposed resources, defaults
to "1"
type: string
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret data to
project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced Secret will
be projected into the volume as a file whose
name is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
will error unless it is marked optional. Paths
must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
token. The audience defaults to the identifier
of the apiserver.
type: string
expirationSeconds:
description: ExpirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
the service account token. The kubelet will
start trying to rotate the token if the token
is older than 80 percent of its time to live
or if the token is older than 24 hours.Defaults
to 1 hour and must be at least 10 minutes.
format: int64
type: integer
path:
description: Path is the path relative to the
mount point of the file to project the token
into.
type: string
required:
- path
type: object
type: object
type: array
required:
- sources
type: object
secret:
description: 'Secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the Secret, the volume setup will error unless it is marked
optional. Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must
be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
required:
- mountPath
type: object
type: array
externalIPs:
description: externalIPs is a list of IP addresses for which nodes
in the cluster will also accept traffic for this service. These
IPs are not managed by Kubernetes. The user is responsible for
ensuring that traffic arrives at a node with this IP. A common
example is external load-balancers that are not part of the Kubernetes
system.
items:
type: string
type: array
frontendRules:
description: Frontend rules specifies a set of rules that should be
applied in HAProxy frontend configuration. The set of keywords are
from here https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.1
Only frontend sections can be applied here. It is up to user to
provide valid set of rules. This allows acls or other options in
frontend sections in HAProxy config. Frontend rules will be mapped
with Ingress Rules according to port.
items:
properties:
auth:
properties:
basic:
properties:
realm:
type: string
secretName:
type: string
type: object
oauth:
items:
properties:
authBackend:
type: string
authPath:
type: string
host:
type: string
paths:
items:
type: string
type: array
signinPath:
type: string
type: object
type: array
tls:
properties:
errorPage:
type: string
headers:
additionalProperties:
type: string
type: object
secretName:
type: string
verifyClient:
type: string
type: object
type: object
port:
anyOf:
- type: integer
- type: string
description: Port indicates the frontend port where HAProxy
is listening for connection
x-kubernetes-int-or-string: true
rules:
description: Serialized rules
items:
type: string
type: array
type: object
type: array
imagePullSecrets:
description: 'ImagePullSecrets is an optional list of references to
secrets in the same namespace to use for pulling any of the images
used by this PodSpec. If specified, these secrets will be passed
to individual puller implementations for them to use. For example,
in the case of docker, only DockerConfig type secrets are honored.
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
livenessProbe:
description: Periodic probe of container liveness. Container will
be restarted if the probe fails. Cannot be updated.
properties:
exec:
description: One and only one of the following should be specified.
Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute inside
the container, the working directory for the command is
root ('/') in the container's filesystem. The command is
simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell,
you need to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe to be
considered failed after having succeeded. Defaults to 3. Minimum
value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the pod
IP. You probably want to set "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows
repeated headers.
items:
description: HTTPHeader describes a custom header to be
used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on the container.
Number must be in the range 1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host. Defaults
to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has started
before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe. Default
to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe to be
considered successful after having failed. Defaults to 1. Must
be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a TCP port.
TCP hooks not yet supported TODO: implement a realistic TCP
lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on the container.
Number must be in the range 1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
loadBalancerSourceRanges:
description: 'Optional: If specified and supported by the platform,
this will restrict traffic through the cloud-provider load-balancer
will be restricted to the specified client IPs. This field will
be ignored if the cloud-provider does not support the feature. https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
items:
type: string
type: array
nodeSelector:
additionalProperties:
type: string
description: 'NodeSelector is a selector which must be true for the
pod to fit on a node. Selector which must match a node''s labels
for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
priority:
description: The priority value. Various system components use this
field to find the priority of the pod. When Priority Admission Controller
is enabled, it prevents users from setting this field. The admission
controller populates this field from PriorityClassName. The higher
the value, the higher the priority.
format: int32
type: integer
priorityClassName:
description: If specified, indicates the pod's priority. "system-node-critical"
and "system-cluster-critical" are two special keywords which indicate
the highest priorities with the former being the highest priority.
Any other name must be defined by creating a PriorityClass object
with that name. If not specified, the pod priority will be default
or zero if there is no default.
type: string
readinessProbe:
description: Periodic probe of container service readiness. Container
will be removed from service endpoints if the probe fails. Cannot
be updated.
properties:
exec:
description: One and only one of the following should be specified.
Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute inside
the container, the working directory for the command is
root ('/') in the container's filesystem. The command is
simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell,
you need to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe to be
considered failed after having succeeded. Defaults to 3. Minimum
value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the pod
IP. You probably want to set "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows
repeated headers.
items:
description: HTTPHeader describes a custom header to be
used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on the container.
Number must be in the range 1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host. Defaults
to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has started
before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe. Default
to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe to be
considered successful after having failed. Defaults to 1. Must
be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a TCP port.
TCP hooks not yet supported TODO: implement a realistic TCP
lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on the container.
Number must be in the range 1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: Compute Resources required by the sidecar container.
properties:
limits:
additionalProperties:
type: string
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
type: string
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
rules:
description: A list of host rules used to configure the Ingress. If
unspecified, or no rule matches, all traffic is sent to the default
backend.
items:
description: IngressRule represents the rules mapping the paths
under a specified host to the related backend services. Incoming
requests are first evaluated for a host match, then routed to
the backend associated with the matching IngressRuleValue.
properties:
host:
description: "Host is the fully qualified domain name of a network
host, as defined by RFC 3986. Note the following deviations
from the \"host\" part of the URI as defined in the RFC: 1.
IPs are not allowed. Currently an IngressRuleValue can only
apply to the \t IP in the Spec of the parent Ingress. 2.
The `:` delimiter is not respected because ports are not allowed.
\t Currently the port of an Ingress is implicitly :80 for
http and \t :443 for https. Both these may change in the
future. Incoming requests are matched against the host before
the IngressRuleValue. If the host is unspecified, the Ingress
routes all traffic based on the specified IngressRuleValue."
type: string
http:
description: 'HTTPIngressRuleValue is a list of http selectors
pointing to backends. In the example: http://<host>/<path>?<searchpart>
-> backend where where parts of the url correspond to RFC
3986, this resource will be used to match against everything
after the last ''/'' and before the first ''?'' or ''#''.'
properties:
address:
description: The network address to listen HTTP(s) connections
on.
type: string
alpn:
description: Application-Layer Protocol Negotiation (ALPN)
is a Transport Layer Security (TLS) extension for application
layer protocol negotiation. ALPN allows the application
layer to negotiate which protocol should be performed
over a secure connection in a manner which avoids additional
round trips and which is independent of the application
layer protocols. It is used by HTTP/2. If provided a list
of alpn will be added to port as alpn option1,option2,...
If SecretName is Provided this secret will be used to
terminate SSL with alpn options. If Secret name is not
provided backend server is responsible for handling SSL.
Note that, the order of the options indicates the preference
If the ALPN list contains "h2", "option http-use-htx"
will be added to enable HTX mode https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
items:
type: string
type: array
noTLS:
description: Set noTLS = true to force plain text. Else,
auto detect like present
type: boolean
nodePort:
anyOf:
- type: integer
- type: string
description: Specifies the node port of the referenced service.
x-kubernetes-int-or-string: true
paths:
description: A collection of paths that map requests to
backends.
items:
description: HTTPIngressPath associates a path regex with
a backend. Incoming urls matching the path are forwarded
to the backend.
properties:
backend:
description: Backend defines the referenced service
endpoint to which the traffic will be forwarded
to.
properties:
alpn:
description: Application-Layer Protocol Negotiation
(ALPN) is a Transport Layer Security (TLS) extension
for application layer protocol negotiation.
ALPN allows the application layer to negotiate
which protocol should be performed over a secure
connection in a manner which avoids additional
round trips and which is independent of the
application layer protocols. It is used by HTTP/2.
If provided a list of alpn will be added to
port as alpn option1,option2,... If SecretName
is Provided this secret will be used to terminate
SSL with alpn options. If Secret name is not
provided backend server is responsible for handling
SSL. Note that, the order of the options indicates
the preference If the ALPN list contains "h2", "option
http-use-htx" will be added to enable HTX mode
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
items:
type: string
type: array
backendRules:
description: Serialized HAProxy rules to apply
on server backend including request, response
or header rewrite. acls also can be used. https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
items:
type: string
type: array
headerRules:
description: "Header rules to modifies the header.
\n Deprecated: Use backendRule, will be removed."
items:
type: string
type: array
hostNames:
description: Host names to forward traffic to.
If empty traffic will be forwarded to all subsets
instance. If set only matched hosts will get
the traffic. This is an handy way to send traffic
to Specific StatefulSet pod. IE. Setting [web-0]
will send traffic to only web-0 host for this
StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
items:
type: string
type: array
loadBalanceOn:
description: Define the load balancing algorithm
to be used in a backend. https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
type: string
name:
description: User can specify backend name for
using it with custom acl Otherwise it will be
generated
type: string
proto:
description: HTTP protocol to use If the Proto
contains "h2", "option http-use-htx" will be
added to enable HTX mode https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
type: string
rewriteRules:
description: "Path rewrite rules with haproxy
formatted regex. \n Deprecated: Use backendRule,
will be removed."
items:
type: string
type: array
serviceName:
description: Specifies the name of the referenced
service.
type: string
servicePort:
anyOf:
- type: integer
- type: string
description: Specifies the port of the referenced
service.
x-kubernetes-int-or-string: true
type: object
path:
description: Path is a extended POSIX regex as defined
by IEEE Std 1003.1, (i.e this follows the egrep/unix
syntax, not the perl syntax) matched against the
path of an incoming request. Currently it can contain
characters disallowed from the conventional "path"
part of a URL as defined by RFC 3986. Paths must
begin with a '/'. If unspecified, the path defaults
to a catch all sending traffic to the backend.
type: string
type: object
type: array
port:
anyOf:
- type: integer
- type: string
description: port to listen http(s) connections.
x-kubernetes-int-or-string: true
proto:
description: HTTP protocol to use If the Proto contains
"h2", "option http-use-htx" will be added to enable HTX
mode https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
type: string
required:
- paths
type: object
tcp:
properties:
address:
description: The network address to listen TCP connections
on.
type: string
alpn:
description: Application-Layer Protocol Negotiation (ALPN)
is a Transport Layer Security (TLS) extension for application
layer protocol negotiation. ALPN allows the application
layer to negotiate which protocol should be performed
over a secure connection in a manner which avoids additional
round trips and which is independent of the application
layer protocols. It is used by HTTP/2. If provided a list
of alpn will be added to port as alpn option1,option2,...
If SecretName is Provided this secret will be used to
terminate SSL with alpn options. If Secret name is not
provided backend server is responsible for handling SSL.
Note that, the order of the options indicates the preference
If the ALPN list contains "h2", "option http-use-htx"
will be added to enable HTX mode https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
items:
type: string
type: array
backend:
description: Backend to forward the requests.
properties:
alpn:
description: Application-Layer Protocol Negotiation
(ALPN) is a Transport Layer Security (TLS) extension
for application layer protocol negotiation. ALPN allows
the application layer to negotiate which protocol
should be performed over a secure connection in a
manner which avoids additional round trips and which
is independent of the application layer protocols.
It is used by HTTP/2. If provided a list of alpn will
be added to port as alpn option1,option2,... If SecretName
is Provided this secret will be used to terminate
SSL with alpn options. If Secret name is not provided
backend server is responsible for handling SSL. Note
that, the order of the options indicates the preference
If the ALPN list contains "h2", "option http-use-htx"
will be added to enable HTX mode https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
items:
type: string
type: array
backendRules:
description: Serialized HAProxy rules to apply on server
backend including request, response or header rewrite.
acls also can be used. https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
items:
type: string
type: array
hostNames:
description: Host names to forward traffic to. If empty
traffic will be forwarded to all subsets instance.
If set only matched hosts will get the traffic. This
is an handy way to send traffic to Specific StatefulSet
pod. IE. Setting [web-0] will send traffic to only
web-0 host for this StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
items:
type: string
type: array
loadBalanceOn:
description: Define the load balancing algorithm to
be used in a backend. https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
type: string
name:
description: User can specify backend name for using
it with custom acl Otherwise it will be generated
type: string
proto:
description: HTTP protocol to use If the Proto contains
"h2", "option http-use-htx" will be added to enable
HTX mode https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
type: string
serviceName:
description: Specifies the name of the referenced service.
type: string
servicePort:
anyOf:
- type: integer
- type: string
description: Specifies the port of the referenced service.
x-kubernetes-int-or-string: true
type: object
noTLS:
description: Set noTLS = true to force plain text. Else,
auto detect like present
type: boolean
nodePort:
anyOf:
- type: integer
- type: string
description: Specifies the node port of the referenced service.
x-kubernetes-int-or-string: true
port:
anyOf:
- type: integer
- type: string
description: port to listen tcp connections.
x-kubernetes-int-or-string: true
proto:
description: HTTP protocol to use If the Proto contains
"h2", "option http-use-htx" will be added to enable HTX
mode https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
type: string
type: object
type: object
type: array
schedulerName:
description: If specified, the pod will be dispatched by specified
scheduler. If not specified, the pod will be dispatched by default
scheduler.
type: string
securityContext:
description: 'SecurityContext holds pod-level security attributes
and common container settings. Optional: Defaults to empty. See
type description for default values of each field.'
properties:
fsGroup:
description: "A special supplemental group that applies to all
containers in a pod. Some volume types allow the Kubelet to
change the ownership of that volume to be owned by the pod:
\n 1. The owning GID will be the FSGroup 2. The setgid bit is
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
format: int64
type: integer
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a non-root
user. If true, the Kubelet will validate the image at runtime
to ensure that it does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no such validation
will be performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
properties:
level:
description: Level is SELinux level label that applies to
the container.
type: string
role:
description: Role is a SELinux role label that applies to
the container.
type: string
type:
description: Type is a SELinux type label that applies to
the container.
type: string
user:
description: User is a SELinux user label that applies to
the container.
type: string
type: object
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named by
the GMSACredentialSpecName field. This field is alpha-level
and is only honored by servers that enable the WindowsGMSA
feature flag.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA
credential spec to use. This field is alpha-level and is
only honored by servers that enable the WindowsGMSA feature
flag.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence. This
field is alpha-level and it is only honored by servers that
enable the WindowsRunAsUserName feature flag.
type: string
type: object
type: object
terminationGracePeriodSeconds:
description: Set this value longer than the expected cleanup time
for your process. Defaults to 30 seconds.
format: int64
type: integer
tls:
description: TLS is the TLS configuration. Currently the Ingress only
supports a single TLS port, 443, and assumes TLS termination. If
multiple members of this list specify different hosts, they will
be multiplexed on the same port according to the hostname specified
through the SNI TLS extension.
items:
description: IngressTLS describes the transport layer security associated
with an Ingress.
properties:
hosts:
description: Hosts are a list of hosts included in the TLS certificate.
The values in this list must match the name/s used in the
tlsSecret. Defaults to the wildcard host setting for the loadbalancer
controller fulfilling this Ingress, if left unspecified.
items:
type: string
type: array
ref:
description: Ref to used tls termination.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
type: object
secretName:
description: SecretName is the name of the secret used to terminate
SSL traffic on 443. Field is left optional to allow SSL routing
based on SNI hostname alone. If the SNI host in a listener
conflicts with the "Host" header field used by an IngressRule,
the SNI host is used for termination and value of the Host
header is used for routing. Deprecated
type: string
type: object
type: array
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple <key,value,effect> using the matching
operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match all
values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the
value. Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod
can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time
the toleration (which must be of effect NoExecute, otherwise
this field is ignored) tolerates the taint. By default, it
is not set, which means tolerate the taint forever (do not
evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: IngressStatus describe the current state of the Ingress.
properties:
loadBalancer:
description: LoadBalancer contains the current status of the load-balancer.
properties:
ingress:
description: Ingress is a list containing ingress points for the
load-balancer. Traffic intended for the service should be sent
to these ingress points.
items:
description: 'LoadBalancerIngress represents the status of a
load-balancer ingress point: traffic intended for the service
should be sent to an ingress point.'
properties:
hostname:
description: Hostname is set for load-balancer ingress points
that are DNS based (typically AWS load-balancers)
type: string
ip:
description: IP is set for load-balancer ingress points
that are IP based (typically GCE or OpenStack load-balancers)
type: string
type: object
type: array
type: object
observedGeneration:
description: observedGeneration is the most recent generation observed
for this resource. It corresponds to the resource's generation,
which is updated on mutation by the API Server.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
categories:
- networking
- appscode
- all
kind: Ingress
listKind: IngressList
plural: ingresses
shortNames:
- ing
singular: ingress
conditions:
- lastTransitionTime: "2021-10-13T05:37:40Z"
message: no conflicts found
reason: NoConflicts
status: "True"
type: NamesAccepted
- lastTransitionTime: "2021-10-13T05:37:40Z"
message: the initial names have been accepted
reason: InitialNamesAccepted
status: "True"
type: Established
storedVersions:
- v1beta1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment