openkruise
/
charts
mirror of https://github.com/openkruise/charts.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kruise 1.7.1 (#116)

This commit is contained in:
berg 2024-09-10 15:28:16 +08:00 committed by GitHub
parent e9c56f1925
commit c4879675db
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 10038 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/kruise
View File

@ -1 +1 @@
../versions/kruise/1.7.0 ../versions/kruise/1.7.1

21
versions/kruise/1.7.1/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

25
versions/kruise/1.7.1/Chart.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v1
name: kruise
description: Helm chart for kruise components
version: 1.7.1
appVersion: 1.7.1
kubeVersion: ">= 1.18.0-0"
icon: https://openkruise.io/img/openkruise-logo-bg.jpg
keywords:
- openkruise
- kubernetes
- kruise
- workload
- statefulset
- sidecar
- job
- deployment
- cloneset
home: https://openkruise.io
sources:
- https://github.com/openkruise/kruise
annotations:
artifacthub.io/changes: |
- "[Changed]: https://github.com/openkruise/kruise/blob/master/CHANGELOG.md"
- "[Security]: Fix potential security issues of dependent packages"
- "[Changed]: Change kruise daemon dns policy to ClusterFirstWithHostNet"

155
versions/kruise/1.7.1/README.md Normal file
View File

@ -0,0 +1,155 @@
# Kruise v1.7.1
## Configuration
The following table lists the configurable parameters of the kruise chart and their default values.
## setup parameters
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- |
| `featureGates` | Feature gates for Kruise, empty string means all enabled | `""` |
| `installation.namespace` | Namespace for kruise installation | `kruise-system` |
| `installation.createNamespace` | Whether to create the installation.namespace | `true` |
| `installation.roleListGroups` | ApiGroups which kruise is permit to list, default set to be all | `*` |
| `crds.managed` | Kruise will not install CRDs with chart if this is false | `true` |
| `imagePullSecrets` | The list of image pull secrets for kruise image | `[]` |
#### manager parameters
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- |
| `manager.log.level` | Log level that kruise-manager printed | `4` |
| `manager.replicas` | Replicas of kruise-controller-manager deployment | `2` |
| `manager.image.repository` | Repository for kruise-manager image | `openkruise/kruise-manager` |
| `manager.image.tag` | Tag for kruise-manager image | `v1.7.1` |
| `manager.resources.limits.cpu` | CPU resource limit of kruise-manager container | `200m` |
| `manager.resources.limits.memory` | Memory resource limit of kruise-manager container | `512Mi` |
| `manager.resources.requests.cpu` | CPU resource request of kruise-manager container | `100m` |
| `manager.resources.requests.memory` | Memory resource request of kruise-manager container | `256Mi` |
| `manager.metrics.port` | Port of metrics served | `8080` |
| `manager.webhook.port` | Port of webhook served | `9443` |
| `manager.pprofAddr` | Address of pprof served | `localhost:8090` |
| `manager.nodeAffinity` | Node affinity policy for kruise-manager pod | `{}` |
| `manager.nodeSelector` | Node labels for kruise-manager pod | `{}` |
| `manager.tolerations` | Tolerations for kruise-manager pod | `[]` |
| `manager.resyncPeriod` | Resync period of informer kruise-manager, defaults no resync | `0` |
| `manager.hostNetwork` | Whether kruise-manager pod should run with hostnetwork | `false` |
| `manager.loggingFormat` | Logging format, valid formats includes ` `(plain text), `json` | ` ` |
#### daemon parameters
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- |
| `daemon.extraEnvs` | Extra environment variables that will be pass onto pods | `[]` |
| `daemon.log.level` | Log level that kruise-daemon printed | `4` |
| `daemon.port` | Port of metrics and healthz that kruise-daemon served | `10221` |
| `daemon.pprofAddr` | Address of pprof served | `localhost:10222` |
| `daemon.resources.limits.cpu` | CPU resource limit of kruise-daemon container | `50m` |
| `daemon.resources.limits.memory` | Memory resource limit of kruise-daemon container | `128Mi` |
| `daemon.resources.requests.cpu` | CPU resource request of kruise-daemon container | `0` |
| `daemon.resources.requests.memory` | Memory resource request of kruise-daemon container | `0` |
| `daemon.affinity` | Affinity policy for kruise-daemon pod | `{}` |
| `daemon.socketLocation` | Location of the container manager control socket | `/var/run` |
| `daemon.socketFile` | Specify the socket file name in `socketLocation` (if you are not using containerd/docker/pouch/cri-o) | ` ` |
| `daemon.credentialProvider.enable` | Whether to enable credential provider for image pull job | `false` |
| `daemon.credentialProvider.hostPath` | node dir of the credential provider plugin, kruise-daemon will mount the dir as a hostpath volume | `credential-provider-plugin` |
| `daemon.credentialProvider.configmap` | configmap name of the credential provider in kruise-system ns | `credential-provider-config` |
| `daemon.credentialProvider.awsCredentialsDir` | aws credentials dir if using AWS, for example: `/root/.aws` | ` ` |
### other parameters
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- |
| `enableKubeCacheMutationDetector` | Whether to enable KUBE_CACHE_MUTATION_DETECTOR | `false` |
| `webhookConfiguration.timeoutSeconds` | The timeoutSeconds for all webhook configuration | `30` |
| `serviceAccount.annotations` | Annotations to patch for serviceAccounts | `{}` |
| `externalCerts.annotations` | Annotations to patch for webhook configuration and crd when featuregate `EnableExternalCerts` is enabled. For example, `cert-manager.io/inject-ca-from: kruise-system/kruise-webhook-certs`. | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, `helm install kruise https://... --set featureGates="AllAlpha=true"`.
### Optional: feature-gate
Feature-gate controls some influential features in Kruise:
| Name | Description | Default | Effect (if closed) |
|---------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| ------- |-------------------------------------------------------------------------------------------------------------------|
| `PodWebhook` | Whether to open a webhook for Pod **create** | `true` | SidecarSet/KruisePodReadinessGate disabled |
| `KruiseDaemon` | Whether to deploy `kruise-daemon` DaemonSet | `true` | ImagePulling/ContainerRecreateRequest disabled |
| `DaemonWatchingPod` | Should each `kruise-daemon` watch pods on the same node | `true` | For in-place update with same imageID or env from labels/annotations |
| `CloneSetShortHash` | Enables CloneSet controller only set revision hash name to pod label | `false` | CloneSet name can not be longer than 54 characters |
| `KruisePodReadinessGate` | Enables Kruise webhook to inject 'KruisePodReady' readiness-gate to all Pods during creation | `false` | The readiness-gate will only be injected to Pods created by Kruise workloads |
| `PreDownloadImageForInPlaceUpdate` | Enables CloneSet controller to create ImagePullJobs to pre-download images for in-place update | `true` | No image pre-download for in-place update |
| `CloneSetPartitionRollback` | Enables CloneSet controller to rollback Pods to currentRevision when number of updateRevision pods is bigger than (replicas - partition) | `false` | CloneSet will only update Pods to updateRevision |
| `ResourcesDeletionProtection` | Enables protection for resources deletion | `true` | No protection for resources deletion |
| `TemplateNoDefaults` | Whether to disable defaults injection for pod/pvc template in workloads | `false` | Should not close this feature if it has open |
| `PodUnavailableBudgetDeleteGate` | Enables PodUnavailableBudget for pod deletion, eviction | `true` | No protection for pod deletion, eviction |
| `PodUnavailableBudgetUpdateGate` | Enables PodUnavailableBudget for pod.Spec update | `false` | No protection for in-place update |
| `WorkloadSpread` | Enables WorkloadSpread to manage multi-domain and elastic deploy | `true` | WorkloadSpread disabled |
| `InPlaceUpdateEnvFromMetadata` | Enables Kruise to in-place update a container in Pod when its env from labels/annotations changed and pod is in-place updating | `true` | Only container image can be in-place update |
| `StatefulSetAutoDeletePVC` | Enables policies controlling deletion of PVCs created by a StatefulSet | `true` | No deletion of PVCs by StatefulSet |
| `PreDownloadImageForDaemonSetUpdate` | Enables DaemonSet controller to create ImagePullJobs to pre-download images for in-place update | `false` | No image pre-download for in-place update |
| `PodProbeMarkerGate` | Whether to turn on PodProbeMarker ability | `true` | PodProbeMarker disabled |
| `SidecarSetPatchPodMetadataDefaultsAllowed` | Allow SidecarSet patch any annotations to Pod Object | `false` | Annotations are not allowed to patch randomly and need to be configured via SidecarSet_PatchPodMetadata_WhiteList |
| `SidecarTerminator` | SidecarTerminator enables SidecarTerminator to stop sidecar containers when all main containers exited | `false` | SidecarTerminator disabled |
| `CloneSetEventHandlerOptimization` | CloneSetEventHandlerOptimization enable optimization for cloneset-controller to reduce the queuing frequency cased by pod update | `false` | optimization for cloneset-controller to reduce the queuing frequency cased by pod update disabled |
| `PreparingUpdateAsUpdate` | PreparingUpdateAsUpdate enable CloneSet/Advanced StatefulSet controller to regard preparing-update Pod as updated when calculating update/current revision during scaling. | `false` | Pods at preparing update state will be regarded as current revision instead of update revision |
| `ImagePullJobGate` | ImagePullJobGate enable imagepulljob-controller execute ImagePullJob | `false` | ImagePullJob and PreDownloadImageForInPlaceUpdate are disabled |
| `ResourceDistributionGate` | ResourceDistributionGate enable resourcedistribution-controller execute ResourceDistribution. | `false` | ResourceDistribution disabled |
| `DeletionProtectionForCRDCascadingGate` | DeletionProtectionForCRDCascadingGate enable deletionProtection for crd Cascading | `false` | CustomResourceDefinition deletion protection disabled |
| `EnableExternalCerts` | Using certs generated externally, cert-manager e.g., for webhook server | `false` | kruise-manager will generate self-signed certs for webhook server |
If you want to configure the feature-gate, just set the parameter when install or upgrade. Such as:
```bash
$ helm install kruise https://... --set featureGates="ResourcesDeletionProtection=true\,PreDownloadImageForInPlaceUpdate=true"
...
```
If you want to enable all feature-gates, set the parameter as `featureGates=AllAlpha=true`.
### Optional: the local image for China
If you are in China and have problem to pull image from official DockerHub, you can use the registry hosted on Alibaba Cloud:
```bash
$ helm install kruise https://... --set manager.image.repository=openkruise-registry.cn-hangzhou.cr.aliyuncs.com/openkruise/kruise-manager
...
```
### Optional: Support webhook CA injection using external certification management tool
Kruise needs certificates to enable mutating, validating and conversion webhooks. By default, kruise will generate self-signed certificates for webhook server.
If you want to use external certification management tool, e.g. cert-manager, you can follow these steps when install or upgrade:
1. Install external certification management tool, e.g. [cert-manager](https://cert-manager.io/docs/installation/helm/).
2. Create issuer and certificate resources if you have not done this before.
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kruise-webhook-certs
# consistent with installation.namespace
namespace: kruise-system
spec:
# where to store the certificates
# cert-manager would generate a secret kruise-system/kruise-webhook-certs with the certificates
# DO NOT CHANGE THE SECRET NAME SINCE KRUISE READ CERTS FROM THIS SECRET
secretName: kruise-webhook-certs
dnsNames:
- kruise-webhook-service.kruise-system.svc
- localhost
issuerRef:
name: selfsigned-kruise
kind: Issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-kruise
namespace: kruise-system
spec:
selfSigned: {}
```
3. During installation and upgrade, enable external certs support by setting featureGates=EnableExternalCerts=true and specify extra annotations that should be added to webhookconfiguration and CRD.
```
helm install kruise https://... --set featureGates="EnableExternalCerts=true" --set-json externalCerts.annotations='{"cert-manager.io/inject-ca-from":"kruise-system/kruise-webhook-certs"}'
```
Visit [CA Injector - cert manager](https://cert-manager.io/docs/concepts/ca-injector/) for more details.

1
versions/kruise/1.7.1/ci/default-values.yaml Normal file
View File

@ -0,0 +1 @@
# Test with default values

96
versions/kruise/1.7.1/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,96 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kruise.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kruise.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kruise.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Lookup existing immutatble resources
*/}}
{{- define "webhookServiceSpec" -}}
{{- $service := lookup "v1" "Service" .Values.installation.namespace "kruise-webhook-service" -}}
{{- if $service -}}
{{ if $service.spec.clusterIP -}}
clusterIP: {{ $service.spec.clusterIP }}
{{- end }}
{{ if $service.spec.clusterIPs -}}
clusterIPs:
{{ $service.spec.clusterIPs }}
{{- end }}
{{ if $service.spec.ipFamilyPolicy -}}
ipFamilyPolicy: {{ $service.spec.ipFamilyPolicy }}
{{- end }}
{{ if $service.spec.ipFamilies -}}
ipFamilies:
{{ $service.spec.ipFamilies }}
{{- end }}
{{ if $service.spec.type -}}
type: {{ $service.spec.type }}
{{- end }}
{{ if $service.spec.ipFamily -}}
ipFamily: {{ $service.spec.ipFamily }}
{{- end }}
{{- end -}}
ports:
- port: 443
targetPort: {{ .Values.manager.webhook.port }}
selector:
control-plane: controller-manager
{{- end -}}
{{- define "webhookSecretData" -}}
{{- $secret := lookup "v1" "Secret" .Values.installation.namespace "kruise-webhook-certs" -}}
{{- if $secret -}}
data:
{{- range $k, $v := $secret.data }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "serviceAccountManager" -}}
{{- $sa := lookup "v1" "ServiceAccount" .Values.installation.namespace "kruise-manager" -}}
{{- if $sa -}}
secrets:
{{- range $v := $sa.secrets }}
- name: {{ $v.name }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "serviceAccountDaemon" -}}
{{- $sa := lookup "v1" "ServiceAccount" .Values.installation.namespace "kruise-daemon" -}}
{{- if $sa -}}
secrets:
{{- range $v := $sa.secrets }}
- name: {{ $v.name }}
{{- end }}
{{- end }}
{{- end -}}

281
versions/kruise/1.7.1/templates/apps.kruise.io_advancedcronjobs.yaml Normal file
View File

@ -0,0 +1,281 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: advancedcronjobs.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: AdvancedCronJob
listKind: AdvancedCronJobList
plural: advancedcronjobs
shortNames:
- acj
singular: advancedcronjob
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The schedule of advanced cron job.
jsonPath: .spec.schedule
name: Schedule
type: string
- description: Type of cron job.
jsonPath: .status.type
name: Type
type: string
- description: The last time at which job was scheduled.
jsonPath: .status.lastScheduleTime
name: LastScheduleTime
type: date
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: AdvancedCronJob is the Schema for the advancedcronjobs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AdvancedCronJobSpec defines the desired state of AdvancedCronJob
properties:
concurrencyPolicy:
description: |-
Specifies how to treat concurrent executions of a Job.
Valid values are:
- "Allow" (default): allows CronJobs to run concurrently;
- "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet;
- "Replace": cancels currently running job and replaces it with a new one
enum:
- Allow
- Forbid
- Replace
type: string
failedJobsHistoryLimit:
description: |-
The number of failed finished jobs to retain.
This is a pointer to distinguish between explicit zero and not specified.
format: int32
type: integer
paused:
description: Paused will pause the cron job.
type: boolean
schedule:
description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
minLength: 0
type: string
startingDeadlineSeconds:
description: |-
Optional deadline in seconds for starting the job if it misses scheduled
time for any reason. Missed jobs executions will be counted as failed ones.
format: int64
type: integer
successfulJobsHistoryLimit:
description: |-
The number of successful finished jobs to retain.
This is a pointer to distinguish between explicit zero and not specified.
format: int32
type: integer
template:
description: Specifies the job that will be created when executing
a CronJob.
properties:
broadcastJobTemplate:
description: Specifies the broadcastjob that will be created when
executing a BroadcastCronJob.
properties:
metadata:
description: Standard object's metadata of the jobs created
from this template.
type: object
spec:
description: Specification of the desired behavior of the
broadcastjob.
properties:
completionPolicy:
description: |-
CompletionPolicy indicates the completion policy of the job.
Default is Always CompletionPolicyType.
properties:
activeDeadlineSeconds:
description: |-
ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
before the system tries to terminate it; value must be positive integer.
Only works for Always type.
format: int64
type: integer
ttlSecondsAfterFinished:
description: |-
ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset,
the Job won't be automatically deleted. If this field is set to zero,
the Job becomes eligible to be deleted immediately after it finishes.
This field is alpha-level and is only honored by servers that enable the
TTLAfterFinished feature.
Only works for Always type
format: int32
type: integer
type:
description: |-
Type indicates the type of the CompletionPolicy.
Default is Always.
type: string
type: object
failurePolicy:
description: FailurePolicy indicates the behavior of the
job, when failed pod is found.
properties:
restartLimit:
description: RestartLimit specifies the number of
retries before marking the pod failed.
format: int32
type: integer
type:
description: |-
Type indicates the type of FailurePolicyType.
Default is FailurePolicyTypeFailFast.
type: string
type: object
parallelism:
anyOf:
- type: integer
- type: string
description: |-
Parallelism specifies the maximum desired number of pods the job should
run at any given time. The actual number of pods running in steady state will
be less than this number when the work left to do is less than max parallelism.
Not setting this value means no limit.
x-kubernetes-int-or-string: true
paused:
description: Paused will pause the job.
type: boolean
template:
description: Template describes the pod that will be created
when executing a job.
x-kubernetes-preserve-unknown-fields: true
required:
- template
type: object
type: object
jobTemplate:
description: Specifies the job that will be created when executing
a CronJob.
x-kubernetes-preserve-unknown-fields: true
type: object
timeZone:
description: |-
The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
If not specified, this will default to the time zone of the kruise-controller-manager process.
type: string
required:
- schedule
- template
type: object
status:
description: AdvancedCronJobStatus defines the observed state of AdvancedCronJob
properties:
active:
description: A list of pointers to currently running jobs.
items:
description: |-
ObjectReference contains enough information to let you inspect or modify the referred object.
---
New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
and the version of the actual struct is irrelevant.
5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
Instead of using this type, create a locally provided and used type that is well-focused on your reference.
For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: array
lastScheduleTime:
description: Information when was the last time the job was successfully
scheduled.
format: date-time
type: string
type:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

214
versions/kruise/1.7.1/templates/apps.kruise.io_broadcastjobs.yaml Normal file
View File

@ -0,0 +1,214 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: broadcastjobs.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: BroadcastJob
listKind: BroadcastJobList
plural: broadcastjobs
shortNames:
- bcj
singular: broadcastjob
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The desired number of pods. This is typically equal to the number
of nodes satisfied to run pods.
jsonPath: .status.desired
name: Desired
type: integer
- description: The number of actively running pods.
jsonPath: .status.active
name: Active
type: integer
- description: The number of pods which reached phase Succeeded.
jsonPath: .status.succeeded
name: Succeeded
type: integer
- description: The number of pods which reached phase Failed.
jsonPath: .status.failed
name: Failed
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: BroadcastJob is the Schema for the broadcastjobs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BroadcastJobSpec defines the desired state of BroadcastJob
properties:
completionPolicy:
description: |-
CompletionPolicy indicates the completion policy of the job.
Default is Always CompletionPolicyType.
properties:
activeDeadlineSeconds:
description: |-
ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
before the system tries to terminate it; value must be positive integer.
Only works for Always type.
format: int64
type: integer
ttlSecondsAfterFinished:
description: |-
ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset,
the Job won't be automatically deleted. If this field is set to zero,
the Job becomes eligible to be deleted immediately after it finishes.
This field is alpha-level and is only honored by servers that enable the
TTLAfterFinished feature.
Only works for Always type
format: int32
type: integer
type:
description: |-
Type indicates the type of the CompletionPolicy.
Default is Always.
type: string
type: object
failurePolicy:
description: FailurePolicy indicates the behavior of the job, when
failed pod is found.
properties:
restartLimit:
description: RestartLimit specifies the number of retries before
marking the pod failed.
format: int32
type: integer
type:
description: |-
Type indicates the type of FailurePolicyType.
Default is FailurePolicyTypeFailFast.
type: string
type: object
parallelism:
anyOf:
- type: integer
- type: string
description: |-
Parallelism specifies the maximum desired number of pods the job should
run at any given time. The actual number of pods running in steady state will
be less than this number when the work left to do is less than max parallelism.
Not setting this value means no limit.
x-kubernetes-int-or-string: true
paused:
description: Paused will pause the job.
type: boolean
template:
description: Template describes the pod that will be created when
executing a job.
x-kubernetes-preserve-unknown-fields: true
required:
- template
type: object
status:
description: BroadcastJobStatus defines the observed state of BroadcastJob
properties:
active:
description: The number of actively running pods.
format: int32
type: integer
completionTime:
description: |-
Represents time when the job was completed. It is not guaranteed to
be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
conditions:
description: The latest available observations of an object's current
state.
items:
description: JobCondition describes current state of a job.
properties:
lastProbeTime:
description: Last time the condition was checked.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of job condition, Complete or Failed.
type: string
required:
- status
- type
type: object
type: array
desired:
description: The desired number of pods, this is typically equal to
the number of nodes satisfied to run pods.
format: int32
type: integer
failed:
description: The number of pods which reached phase Failed.
format: int32
type: integer
phase:
description: The phase of the job.
type: string
startTime:
description: |-
Represents time when the job was acknowledged by the job controller.
It is not guaranteed to be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
succeeded:
description: The number of pods which reached phase Succeeded.
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

547
versions/kruise/1.7.1/templates/apps.kruise.io_clonesets.yaml Normal file
View File

@ -0,0 +1,547 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: clonesets.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: CloneSet
listKind: CloneSetList
plural: clonesets
shortNames:
- clone
singular: cloneset
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The desired number of pods.
jsonPath: .spec.replicas
name: DESIRED
type: integer
- description: The number of pods updated.
jsonPath: .status.updatedReplicas
name: UPDATED
type: integer
- description: The number of pods updated and ready.
jsonPath: .status.updatedReadyReplicas
name: UPDATED_READY
type: integer
- description: The number of pods ready.
jsonPath: .status.readyReplicas
name: READY
type: integer
- description: The number of currently all pods.
jsonPath: .status.replicas
name: TOTAL
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
- description: The containers of currently cloneset.
jsonPath: .spec.template.spec.containers[*].name
name: CONTAINERS
priority: 1
type: string
- description: The images of currently cloneset.
jsonPath: .spec.template.spec.containers[*].image
name: IMAGES
priority: 1
type: string
- description: The selector of currently cloneset.
jsonPath: .status.labelSelector
name: SELECTOR
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: CloneSet is the Schema for the clonesets API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CloneSetSpec defines the desired state of CloneSet
properties:
lifecycle:
description: Lifecycle defines the lifecycle hooks for Pods pre-available(pre-normal),
pre-delete, in-place update.
properties:
inPlaceUpdate:
description: InPlaceUpdate is the hook before Pod to update and
after Pod has been updated.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
preDelete:
description: PreDelete is the hook before Pod to be deleted.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
preNormal:
description: PreNormal is the hook after Pod to be created and
ready to be Normal.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
type: object
minReadySeconds:
description: |-
Minimum number of seconds for which a newly created pod should be ready
without any of its container crashing, for it to be considered available.
Defaults to 0 (pod will be considered available as soon as it is ready)
format: int32
type: integer
replicas:
description: |-
Replicas is the desired number of replicas of the given Template.
These are replicas in the sense that they are instantiations of the
same Template.
If unspecified, defaults to 1.
format: int32
type: integer
revisionHistoryLimit:
description: |-
RevisionHistoryLimit is the maximum number of revisions that will
be maintained in the CloneSet's revision history. The revision history
consists of all revisions not represented by a currently applied
CloneSetSpec version. The default value is 10.
format: int32
type: integer
scaleStrategy:
description: |-
ScaleStrategy indicates the ScaleStrategy that will be employed to
create and delete Pods in the CloneSet.
properties:
disablePVCReuse:
description: |-
Indicate if cloneSet will reuse already existed pvc to
rebuild a new pod
type: boolean
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of pods that can be unavailable for scaled pods.
This field can control the changes rate of replicas for CloneSet so as to minimize the impact for users' service.
The scale will fail if the number of unavailable pods were greater than this MaxUnavailable at scaling up.
MaxUnavailable works only when scaling up.
x-kubernetes-int-or-string: true
podsToDelete:
description: |-
PodsToDelete is the names of Pod should be deleted.
Note that this list will be truncated for non-existing pod names.
items:
type: string
type: array
type: object
selector:
description: |-
Selector is a label query over pods that should match the replica count.
It must match the pod template's labels.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
template:
description: Template describes the pods that will be created.
x-kubernetes-preserve-unknown-fields: true
updateStrategy:
description: |-
UpdateStrategy indicates the UpdateStrategy that will be employed to
update Pods in the CloneSet when a revision is made to Template.
properties:
inPlaceUpdateStrategy:
description: InPlaceUpdateStrategy contains strategies for in-place
update.
properties:
gracePeriodSeconds:
description: |-
GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec
when in-place update a Pod.
format: int32
type: integer
type: object
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of pods that can be scheduled above the desired replicas during update or specified delete.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
Absolute number is calculated from percentage by rounding up.
Defaults to 0.
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of pods that can be unavailable during update or scale.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
Absolute number is calculated from percentage by rounding up by default.
When maxSurge > 0, absolute number is calculated from percentage by rounding down.
Defaults to 20%.
x-kubernetes-int-or-string: true
partition:
anyOf:
- type: integer
- type: string
description: |-
Partition is the desired number of pods in old revisions.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
Absolute number is calculated from percentage by rounding up by default.
It means when partition is set during pods updating, (replicas - partition value) number of pods will be updated.
Default value is 0.
x-kubernetes-int-or-string: true
paused:
description: |-
Paused indicates that the CloneSet is paused.
Default value is false
type: boolean
priorityStrategy:
description: |-
Priorities are the rules for calculating the priority of updating pods.
Each pod to be updated, will pass through these terms and get a sum of weights.
properties:
orderPriority:
description: |-
Order priority terms, pods will be sorted by the value of orderedKey.
For example:
```
orderPriority:
- orderedKey: key1
- orderedKey: key2
```
First, all pods which have key1 in labels will be sorted by the value of key1.
Then, the left pods which have no key1 but have key2 in labels will be sorted by
the value of key2 and put behind those pods have key1.
items:
description: UpdatePriorityOrderTerm defines order priority.
properties:
orderedKey:
description: |-
Calculate priority by value of this key.
Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value,
such as getting 5 in value '5', getting 10 in value 'sts-10'.
type: string
required:
- orderedKey
type: object
type: array
weightPriority:
description: Weight priority terms, pods will be sorted by
the sum of all terms weight.
items:
description: UpdatePriorityWeightTerm defines weight priority.
properties:
matchSelector:
description: MatchSelector is used to select by pod's
labels.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching the corresponding
matchExpressions, in the range 1-100.
format: int32
type: integer
required:
- matchSelector
- weight
type: object
type: array
type: object
scatterStrategy:
description: |-
ScatterStrategy defines the scatter rules to make pods been scattered when update.
This will avoid pods with the same key-value to be updated in one batch.
- Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them.
- If scatterStrategy is used, we suggest to just use one term. Otherwise, the update order can be hard to understand.
items:
properties:
key:
type: string
value:
type: string
required:
- key
- value
type: object
type: array
type:
description: |-
Type indicates the type of the CloneSetUpdateStrategy.
Default is ReCreate.
type: string
type: object
volumeClaimTemplates:
description: |-
VolumeClaimTemplates is a list of claims that pods are allowed to reference.
Note that PVC will be deleted when its pod has been deleted.
x-kubernetes-preserve-unknown-fields: true
required:
- selector
- template
type: object
status:
description: CloneSetStatus defines the observed state of CloneSet
properties:
availableReplicas:
description: AvailableReplicas is the number of Pods created by the
CloneSet controller that have a Ready Condition for at least minReadySeconds.
format: int32
type: integer
collisionCount:
description: |-
CollisionCount is the count of hash collisions for the CloneSet. The CloneSet controller
uses this field as a collision avoidance mechanism when it needs to create the name for the
newest ControllerRevision.
format: int32
type: integer
conditions:
description: Conditions represents the latest available observations
of a CloneSet's current state.
items:
description: CloneSetCondition describes the state of a CloneSet
at a certain point.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of CloneSet condition.
type: string
required:
- status
- type
type: object
type: array
currentRevision:
description: currentRevision, if not empty, indicates the current
revision version of the CloneSet.
type: string
expectedUpdatedReplicas:
description: |-
ExpectedUpdatedReplicas is the number of Pods that should be updated by CloneSet controller.
This field is calculated via Replicas - Partition.
format: int32
type: integer
labelSelector:
description: LabelSelector is label selectors for query over pods
that should match the replica count used by HPA.
type: string
observedGeneration:
description: |-
ObservedGeneration is the most recent generation observed for this CloneSet. It corresponds to the
CloneSet's generation, which is updated on mutation by the API Server.
format: int64
type: integer
readyReplicas:
description: ReadyReplicas is the number of Pods created by the CloneSet
controller that have a Ready Condition.
format: int32
type: integer
replicas:
description: Replicas is the number of Pods created by the CloneSet
controller.
format: int32
type: integer
updateRevision:
description: UpdateRevision, if not empty, indicates the latest revision
of the CloneSet.
type: string
updatedAvailableReplicas:
description: |-
UpdatedAvailableReplicas is the number of Pods created by the CloneSet controller from the CloneSet version
indicated by updateRevision and have a Ready Condition for at least minReadySeconds.
format: int32
type: integer
updatedReadyReplicas:
description: |-
UpdatedReadyReplicas is the number of Pods created by the CloneSet controller from the CloneSet version
indicated by updateRevision and have a Ready Condition.
format: int32
type: integer
updatedReplicas:
description: |-
UpdatedReplicas is the number of Pods created by the CloneSet controller from the CloneSet version
indicated by updateRevision.
format: int32
type: integer
required:
- availableReplicas
- readyReplicas
- replicas
- updatedReadyReplicas
- updatedReplicas
type: object
type: object
served: true
storage: true
subresources:
scale:
labelSelectorPath: .status.labelSelector
specReplicasPath: .spec.replicas
statusReplicasPath: .status.replicas
status: {}
{{- end }}

345
versions/kruise/1.7.1/templates/apps.kruise.io_containerrecreaterequests.yaml Normal file
View File

@ -0,0 +1,345 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: containerrecreaterequests.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: ContainerRecreateRequest
listKind: ContainerRecreateRequestList
plural: containerrecreaterequests
shortNames:
- crr
singular: containerrecreaterequest
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Phase of this ContainerRecreateRequest.
jsonPath: .status.phase
name: PHASE
type: string
- description: Pod name of this ContainerRecreateRequest.
jsonPath: .spec.podName
name: POD
type: string
- description: Pod name of this ContainerRecreateRequest.
jsonPath: .metadata.labels.crr\.apps\.kruise\.io/node-name
name: NODE
type: string
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ContainerRecreateRequest is the Schema for the containerrecreaterequests
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ContainerRecreateRequestSpec defines the desired state of
ContainerRecreateRequest
properties:
activeDeadlineSeconds:
description: ActiveDeadlineSeconds is the deadline duration of this
ContainerRecreateRequest.
format: int64
type: integer
containers:
description: Containers contains the containers that need to recreate
in the Pod.
items:
description: ContainerRecreateRequestContainer defines the container
that need to recreate.
properties:
name:
description: |-
Name of the container that need to recreate.
It must be existing in the real pod.Spec.Containers.
type: string
ports:
description: |-
Ports is synced from the real container in Pod spec during this ContainerRecreateRequest creating.
Populated by the system.
Read-only.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: |-
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: |-
Number of port to expose on the host.
If specified, this must be a valid port number, 0 < x < 65536.
If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
name:
description: |-
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
type: string
protocol:
default: TCP
description: |-
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
preStop:
description: |-
PreStop is synced from the real container in Pod spec during this ContainerRecreateRequest creating.
Populated by the system.
Read-only.
properties:
exec:
description: |-
One and only one of the following should be specified.
Exec specifies the action to take.
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: |-
TCPSocket specifies an action involving a TCP port.
TCP hooks not yet supported
TODO: implement a realistic TCP lifecycle hook
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
statusContext:
description: |-
StatusContext is synced from the real Pod status during this ContainerRecreateRequest creating.
Populated by the system.
Read-only.
properties:
containerID:
description: Container's ID in the format 'docker://<container_id>'.
type: string
restartCount:
description: |-
The number of times the container has been restarted, currently based on
the number of dead containers that have not yet been removed.
Note that this is calculated from dead containers. But those containers are subject to
garbage collection. This value will get capped at 5 by GC.
format: int32
type: integer
required:
- containerID
- restartCount
type: object
required:
- name
type: object
type: array
podName:
description: PodName is name of the Pod that owns the recreated containers.
type: string
strategy:
description: Strategy defines strategies for containers recreation.
properties:
failurePolicy:
description: FailurePolicy decides whether to continue if one
container fails to recreate
type: string
forceRecreate:
description: ForceRecreate indicates whether to force kill the
container even if the previous container is starting.
type: boolean
minStartedSeconds:
description: |-
Minimum number of seconds for which a newly created container should be started and ready
without any of its container crashing, for it to be considered Succeeded.
Defaults to 0 (container will be considered Succeeded as soon as it is started and ready)
format: int32
type: integer
orderedRecreate:
description: OrderedRecreate indicates whether to recreate the
next container only if the previous one has recreated completely.
type: boolean
terminationGracePeriodSeconds:
description: |-
TerminationGracePeriodSeconds is the optional duration in seconds to wait the container terminating gracefully.
Value must be non-negative integer. The value zero indicates delete immediately.
If this value is nil, we will use pod.Spec.TerminationGracePeriodSeconds as default value.
format: int64
type: integer
unreadyGracePeriodSeconds:
description: |-
UnreadyGracePeriodSeconds is the optional duration in seconds to mark Pod as not ready over this duration before
executing preStop hook and stopping the container.
format: int64
type: integer
type: object
ttlSecondsAfterFinished:
description: TTLSecondsAfterFinished is the TTL duration after this
ContainerRecreateRequest has completed.
format: int32
type: integer
required:
- containers
- podName
type: object
status:
description: ContainerRecreateRequestStatus defines the observed state
of ContainerRecreateRequest
properties:
completionTime:
description: |-
Represents time when the ContainerRecreateRequest was completed. It is not guaranteed to
be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
containerRecreateStates:
description: ContainerRecreateStates contains the recreation states
of the containers.
items:
description: ContainerRecreateRequestContainerRecreateState contains
the recreation state of the container.
properties:
isKilled:
description: Containers are killed by kruise daemon
type: boolean
message:
description: A human readable message indicating details about
this state.
type: string
name:
description: Name of the container.
type: string
phase:
description: Phase indicates the recreation phase of the container.
type: string
required:
- name
- phase
type: object
type: array
message:
description: A human readable message indicating details about this
ContainerRecreateRequest.
type: string
phase:
description: Phase of this ContainerRecreateRequest, e.g. Pending,
Recreating, Completed
type: string
required:
- phase
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

465
versions/kruise/1.7.1/templates/apps.kruise.io_daemonsets.yaml Normal file
View File

@ -0,0 +1,465 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: daemonsets.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: DaemonSet
listKind: DaemonSetList
plural: daemonsets
shortNames:
- daemon
- ads
singular: daemonset
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The desired number of pods.
jsonPath: .status.desiredNumberScheduled
name: DESIRED
type: integer
- description: The current number of pods.
jsonPath: .status.currentNumberScheduled
name: CURRENT
type: integer
- description: The ready number of pods.
jsonPath: .status.numberReady
name: READY
type: integer
- description: The updated number of pods.
jsonPath: .status.updatedNumberScheduled
name: UP-TO-DATE
type: integer
- description: The updated number of pods.
jsonPath: .status.numberAvailable
name: AVAILABLE
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
- description: The containers of currently daemonset.
jsonPath: .spec.template.spec.containers[*].name
name: CONTAINERS
priority: 1
type: string
- description: The images of currently advanced daemonset.
jsonPath: .spec.template.spec.containers[*].image
name: IMAGES
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: DaemonSet is the Schema for the daemonsets API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DaemonSetSpec defines the desired state of DaemonSet
properties:
burstReplicas:
anyOf:
- type: integer
- type: string
description: |-
BurstReplicas is a rate limiter for booting pods on a lot of pods.
The default value is 250
x-kubernetes-int-or-string: true
lifecycle:
description: |-
Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
Currently, we only support pre-delete hook for Advanced DaemonSet.
properties:
inPlaceUpdate:
description: InPlaceUpdate is the hook before Pod to update and
after Pod has been updated.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
preDelete:
description: PreDelete is the hook before Pod to be deleted.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
preNormal:
description: PreNormal is the hook after Pod to be created and
ready to be Normal.
properties:
finalizersHandler:
items:
type: string
type: array
labelsHandler:
additionalProperties:
type: string
type: object
markPodNotReady:
description: |-
MarkPodNotReady = true means:
- Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
- Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
Default to false.
type: boolean
type: object
type: object
minReadySeconds:
description: |-
The minimum number of seconds for which a newly created DaemonSet pod should
be ready without any of its container crashing, for it to be considered
available. Defaults to 0 (pod will be considered available as soon as it
is ready).
format: int32
type: integer
revisionHistoryLimit:
description: |-
The number of old history to retain to allow rollback.
This is a pointer to distinguish between explicit zero and not specified.
Defaults to 10.
format: int32
type: integer
selector:
description: |-
A label query over pods that are managed by the daemon set.
Must match in order to be controlled.
It must match the pod template's labels.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
template:
description: |-
An object that describes the pod that will be created.
The DaemonSet will create exactly one copy of this pod on every node
that matches the template's node selector (or on every node if no node
selector is specified).
More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
x-kubernetes-preserve-unknown-fields: true
updateStrategy:
description: An update strategy to replace existing DaemonSet pods
with new pods.
properties:
rollingUpdate:
description: Rolling update config params. Present only if type
= "RollingUpdate".
properties:
maxSurge:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of nodes with an existing available DaemonSet pod that
can have an updated DaemonSet pod during during an update.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
This can not be 0 if MaxUnavailable is 0.
Absolute number is calculated from percentage by rounding up to a minimum of 1.
Default value is 0.
Example: when this is set to 30%, at most 30% of the total number of nodes
that should be running the daemon pod (i.e. status.desiredNumberScheduled)
can have their a new pod created before the old pod is marked as deleted.
The update starts by launching new pods on 30% of nodes. Once an updated
pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
on that node is marked deleted. If the old pod becomes unavailable for any
reason (Ready transitions to false, is evicted, or is drained) an updated
pod is immediately created on that node without considering surge limits.
Allowing surge implies the possibility that the resources consumed by the
daemonset on any given node can double if the readiness check fails, and
so resource intensive daemonsets should take into account that they may
cause evictions during disruption.
This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of DaemonSet pods that can be unavailable during the
update. Value can be an absolute number (ex: 5) or a percentage of total
number of DaemonSet pods at the start of the update (ex: 10%). Absolute
number is calculated from percentage by rounding up.
This cannot be 0 if MaxSurge is 0
Default value is 1.
Example: when this is set to 30%, at most 30% of the total number of nodes
that should be running the daemon pod (i.e. status.desiredNumberScheduled)
can have their pods stopped for an update at any given time. The update
starts by stopping at most 30% of those DaemonSet pods and then brings
up new DaemonSet pods in their place. Once the new pods are available,
it then proceeds onto other DaemonSet pods, thus ensuring that at least
70% of original number of DaemonSet pods are available at all times during
the update.
x-kubernetes-int-or-string: true
partition:
description: |-
The number of DaemonSet pods remained to be old version.
Default value is 0.
Maximum value is status.DesiredNumberScheduled, which means no pod will be updated.
format: int32
type: integer
paused:
description: |-
Indicates that the daemon set is paused and will not be processed by the
daemon set controller.
type: boolean
rollingUpdateType:
description: Type is to specify which kind of rollingUpdate.
type: string
selector:
description: |-
A label query over nodes that are managed by the daemon set RollingUpdate.
Must match in order to be controlled.
It must match the node's labels.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type:
description: Type of daemon set update. Can be "RollingUpdate"
or "OnDelete". Default is RollingUpdate.
type: string
type: object
required:
- selector
- template
type: object
status:
description: DaemonSetStatus defines the observed state of DaemonSet
properties:
collisionCount:
description: |-
Count of hash collisions for the DaemonSet. The DaemonSet controller
uses this field as a collision avoidance mechanism when it needs to
create the name for the newest ControllerRevision.
format: int32
type: integer
conditions:
description: Represents the latest available observations of a DaemonSet's
current state.
items:
description: DaemonSetCondition describes the state of a DaemonSet
at a certain point.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of DaemonSet condition.
type: string
required:
- status
- type
type: object
type: array
currentNumberScheduled:
description: |-
The number of nodes that are running at least 1
daemon pod and are supposed to run the daemon pod.
More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
format: int32
type: integer
daemonSetHash:
description: DaemonSetHash is the controller-revision-hash, which
represents the latest version of the DaemonSet.
type: string
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the daemon
pod (including nodes correctly running the daemon pod).
More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
format: int32
type: integer
numberAvailable:
description: |-
The number of nodes that should be running the
daemon pod and have one or more of the daemon pod running and
available (ready for at least spec.minReadySeconds)
format: int32
type: integer
numberMisscheduled:
description: |-
The number of nodes that are running the daemon pod, but are
not supposed to run the daemon pod.
More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
format: int32
type: integer
numberReady:
description: |-
The number of nodes that should be running the daemon pod and have one
or more of the daemon pod running and ready.
format: int32
type: integer
numberUnavailable:
description: |-
The number of nodes that should be running the
daemon pod and have none of the daemon pod running and available
(ready for at least spec.minReadySeconds)
format: int32
type: integer
observedGeneration:
description: The most recent generation observed by the daemon set
controller.
format: int64
type: integer
updatedNumberScheduled:
description: The total number of nodes that are running updated daemon
pod
format: int32
type: integer
required:
- currentNumberScheduled
- daemonSetHash
- desiredNumberScheduled
- numberMisscheduled
- numberReady
- updatedNumberScheduled
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

315
versions/kruise/1.7.1/templates/apps.kruise.io_imagelistpulljobs.yaml Normal file
View File

@ -0,0 +1,315 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: imagelistpulljobs.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: ImageListPullJob
listKind: ImageListPullJobList
plural: imagelistpulljobs
singular: imagelistpulljob
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Number of image pull job
jsonPath: .status.desired
name: TOTAL
type: integer
- description: Number of image pull job succeeded
jsonPath: .status.succeeded
name: SUCCEEDED
type: integer
- description: Number of ImagePullJobs which are finished
jsonPath: .status.completed
name: COMPLETED
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ImageListPullJob is the Schema for the imagelistpulljobs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ImageListPullJobSpec defines the desired state of ImageListPullJob
properties:
completionPolicy:
description: |-
CompletionPolicy indicates the completion policy of the job.
Default is Always CompletionPolicyType.
properties:
activeDeadlineSeconds:
description: |-
ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
before the system tries to terminate it; value must be positive integer.
Only works for Always type.
format: int64
type: integer
ttlSecondsAfterFinished:
description: |-
ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset,
the Job won't be automatically deleted. If this field is set to zero,
the Job becomes eligible to be deleted immediately after it finishes.
This field is alpha-level and is only honored by servers that enable the
TTLAfterFinished feature.
Only works for Always type
format: int32
type: integer
type:
description: |-
Type indicates the type of the CompletionPolicy.
Default is Always.
type: string
type: object
imagePullPolicy:
description: |-
Image pull policy.
One of Always, IfNotPresent. Defaults to IfNotPresent.
type: string
images:
description: Images is the image list to be pulled by the job
items:
type: string
type: array
parallelism:
anyOf:
- type: integer
- type: string
description: |-
Parallelism is the requested parallelism, it can be set to any non-negative value. If it is unspecified,
it defaults to 1. If it is specified as 0, then the Job is effectively paused until it is increased.
x-kubernetes-int-or-string: true
podSelector:
description: |-
PodSelector is a query over pods that should pull image on nodes of these pods.
Mutually exclusive with Selector.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
pullPolicy:
description: |-
PullPolicy is an optional field to set parameters of the pulling task. If not specified,
the system will use the default values.
properties:
backoffLimit:
description: |-
Specifies the number of retries before marking the pulling task failed.
Defaults to 3
format: int32
type: integer
timeoutSeconds:
description: |-
Specifies the timeout of the pulling task.
Defaults to 600
format: int32
type: integer
type: object
pullSecrets:
description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image.
If specified, these secrets will be passed to individual puller implementations for them to use. For example,
in the case of docker, only DockerConfig type secrets are honored.
items:
type: string
type: array
sandboxConfig:
description: SandboxConfig support attach metadata in PullImage CRI
interface during ImagePulljobs
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
selector:
description: |-
Selector is a query over nodes that should match the job.
nil to match all nodes.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
names:
description: Names specify a set of nodes to execute the job.
items:
type: string
type: array
type: object
x-kubernetes-map-type: atomic
required:
- completionPolicy
- images
type: object
status:
description: ImageListPullJobStatus defines the observed state of ImageListPullJob
properties:
active:
description: The number of running ImagePullJobs which are acknowledged
by the imagepulljob controller.
format: int32
type: integer
completed:
description: The number of ImagePullJobs which are finished
format: int32
type: integer
completionTime:
description: |-
Represents time when the all the image pull job was completed. It is not guaranteed to
be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
desired:
description: The desired number of ImagePullJobs, this is typically
equal to the number of len(spec.Images).
format: int32
type: integer
failedImageStatuses:
description: The status of ImagePullJob which has the failed nodes(status.Failed>0)
.
items:
description: FailedImageStatus the state of ImagePullJob which has
the failed nodes(status.Failed>0)
properties:
imagePullJob:
description: The name of ImagePullJob which has the failed nodes(status.Failed>0)
type: string
message:
description: The text prompt for job running status.
type: string
name:
description: Name of the image
type: string
type: object
type: array
startTime:
description: |-
Represents time when the job was acknowledged by the job controller.
It is not guaranteed to be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
succeeded:
description: The number of image pull job which are finished and status.Succeeded==status.Desired.
format: int32
type: integer
required:
- desired
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

310
versions/kruise/1.7.1/templates/apps.kruise.io_imagepulljobs.yaml Normal file
View File

@ -0,0 +1,310 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: imagepulljobs.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: ImagePullJob
listKind: ImagePullJobList
plural: imagepulljobs
singular: imagepulljob
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Number of all nodes matched by this job
jsonPath: .status.desired
name: TOTAL
type: integer
- description: Number of image pull task active
jsonPath: .status.active
name: ACTIVE
type: integer
- description: Number of image pull task succeeded
jsonPath: .status.succeeded
name: SUCCEED
type: integer
- description: Number of image pull tasks failed
jsonPath: .status.failed
name: FAILED
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
- description: Summary of status when job is failed
jsonPath: .status.message
name: MESSAGE
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: ImagePullJob is the Schema for the imagepulljobs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ImagePullJobSpec defines the desired state of ImagePullJob
properties:
completionPolicy:
description: |-
CompletionPolicy indicates the completion policy of the job.
Default is Always CompletionPolicyType.
properties:
activeDeadlineSeconds:
description: |-
ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
before the system tries to terminate it; value must be positive integer.
Only works for Always type.
format: int64
type: integer
ttlSecondsAfterFinished:
description: |-
ttlSecondsAfterFinished limits the lifetime of a Job that has finished
execution (either Complete or Failed). If this field is set,
ttlSecondsAfterFinished after the Job finishes, it is eligible to be
automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is unset,
the Job won't be automatically deleted. If this field is set to zero,
the Job becomes eligible to be deleted immediately after it finishes.
This field is alpha-level and is only honored by servers that enable the
TTLAfterFinished feature.
Only works for Always type
format: int32
type: integer
type:
description: |-
Type indicates the type of the CompletionPolicy.
Default is Always.
type: string
type: object
image:
description: Image is the image to be pulled by the job
type: string
imagePullPolicy:
description: |-
Image pull policy.
One of Always, IfNotPresent. Defaults to IfNotPresent.
type: string
parallelism:
anyOf:
- type: integer
- type: string
description: |-
Parallelism is the requested parallelism, it can be set to any non-negative value. If it is unspecified,
it defaults to 1. If it is specified as 0, then the Job is effectively paused until it is increased.
x-kubernetes-int-or-string: true
podSelector:
description: |-
PodSelector is a query over pods that should pull image on nodes of these pods.
Mutually exclusive with Selector.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
pullPolicy:
description: |-
PullPolicy is an optional field to set parameters of the pulling task. If not specified,
the system will use the default values.
properties:
backoffLimit:
description: |-
Specifies the number of retries before marking the pulling task failed.
Defaults to 3
format: int32
type: integer
timeoutSeconds:
description: |-
Specifies the timeout of the pulling task.
Defaults to 600
format: int32
type: integer
type: object
pullSecrets:
description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image.
If specified, these secrets will be passed to individual puller implementations for them to use. For example,
in the case of docker, only DockerConfig type secrets are honored.
items:
type: string
type: array
sandboxConfig:
description: SandboxConfig support attach metadata in PullImage CRI
interface during ImagePulljobs
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
selector:
description: |-
Selector is a query over nodes that should match the job.
nil to match all nodes.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
names:
description: Names specify a set of nodes to execute the job.
items:
type: string
type: array
type: object
x-kubernetes-map-type: atomic
required:
- completionPolicy
- image
type: object
status:
description: ImagePullJobStatus defines the observed state of ImagePullJob
properties:
active:
description: The number of actively running pulling tasks.
format: int32
type: integer
completionTime:
description: |-
Represents time when the job was completed. It is not guaranteed to
be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
desired:
description: The desired number of pulling tasks, this is typically
equal to the number of nodes satisfied.
format: int32
type: integer
failed:
description: The number of pulling tasks which reached phase Failed.
format: int32
type: integer
failedNodes:
description: The nodes that failed to pull the image.
items:
type: string
type: array
message:
description: The text prompt for job running status.
type: string
startTime:
description: |-
Represents time when the job was acknowledged by the job controller.
It is not guaranteed to be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
succeeded:
description: The number of pulling tasks which reached phase Succeeded.
format: int32
type: integer
required:
- desired
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

343
versions/kruise/1.7.1/templates/apps.kruise.io_nodeimages.yaml Normal file
View File

@ -0,0 +1,343 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: nodeimages.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: NodeImage
listKind: NodeImageList
plural: nodeimages
singular: nodeimage
scope: Cluster
versions:
- additionalPrinterColumns:
- description: Number of all images on this node
jsonPath: .status.desired
name: DESIRED
type: integer
- description: Number of image pull task active
jsonPath: .status.pulling
name: PULLING
type: integer
- description: Number of image pull task succeeded
jsonPath: .status.succeeded
name: SUCCEED
type: integer
- description: Number of image pull tasks failed
jsonPath: .status.failed
name: FAILED
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: NodeImage is the Schema for the nodeimages API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodeImageSpec defines the desired state of NodeImage
properties:
images:
additionalProperties:
description: ImageSpec defines the pulling spec of an image
properties:
pullSecrets:
description: |-
PullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image.
If specified, these secrets will be passed to individual puller implementations for them to use. For example,
in the case of docker, only DockerConfig type secrets are honored.
items:
description: |-
ReferenceObject comprises a resource name, with a mandatory namespace,
rendered as "<namespace>/<name>".
properties:
name:
type: string
namespace:
type: string
type: object
type: array
sandboxConfig:
description: SandboxConfig support attach metadata in PullImage
CRI interface during ImagePulljobs
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
tags:
description: Tags is a list of versions of this image
items:
description: ImageTagSpec defines the pulling spec of an image
tag
properties:
createdAt:
description: Specifies the create time of this tag
format: date-time
type: string
imagePullPolicy:
description: |-
Image pull policy.
One of Always, IfNotPresent. Defaults to IfNotPresent.
type: string
ownerReferences:
description: |-
List of objects depended by this object. If this image is managed by a controller,
then an entry in this list will point to this controller.
items:
description: |-
ObjectReference contains enough information to let you inspect or modify the referred object.
---
New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
and the version of the actual struct is irrelevant.
5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
Instead of using this type, create a locally provided and used type that is well-focused on your reference.
For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: array
pullPolicy:
description: |-
PullPolicy is an optional field to set parameters of the pulling task. If not specified,
the system will use the default values.
properties:
activeDeadlineSeconds:
description: |-
ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the task may be active
before the system tries to terminate it; value must be positive integer.
if not specified, the system will never terminate it.
format: int64
type: integer
backoffLimit:
description: |-
Specifies the number of retries before marking the pulling task failed.
Defaults to 3
format: int32
type: integer
timeoutSeconds:
description: |-
Specifies the timeout of the pulling task.
Defaults to 600
format: int32
type: integer
ttlSecondsAfterFinished:
description: |-
TTLSecondsAfterFinished limits the lifetime of a pulling task that has finished execution (either Complete or Failed).
If this field is set, ttlSecondsAfterFinished after the task finishes, it is eligible to be automatically deleted.
If this field is unset, the task won't be automatically deleted.
If this field is set to zero, the task becomes eligible to be deleted immediately after it finishes.
format: int32
type: integer
type: object
tag:
description: Specifies the image tag
type: string
version:
description: |-
An opaque value that represents the internal version of this tag that can
be used by clients to determine when objects have changed. May be used for optimistic
concurrency, change detection, and the watch operation on a resource or set of resources.
Clients must treat these values as opaque and passed unmodified back to the server.
Populated by the system.
Read-only.
Value must be treated as opaque by clients and .
format: int64
type: integer
required:
- tag
type: object
type: array
required:
- tags
type: object
description: |-
Specifies images to be pulled on this node
It can not be more than 256 for each NodeImage
type: object
type: object
status:
description: NodeImageStatus defines the observed state of NodeImage
properties:
desired:
description: The desired number of pulling tasks, this is typically
equal to the number of images in spec.
format: int32
type: integer
failed:
description: The number of pulling tasks which reached phase Failed.
format: int32
type: integer
firstSyncStatus:
description: |-
The first of all job has finished on this node. When a node is added to the cluster, we want to know
the time when the node's image pulling is completed, and use it to trigger the operation of the upper system.
properties:
message:
type: string
status:
description: SyncStatusPhase defines the node status
type: string
syncAt:
format: date-time
type: string
type: object
imageStatuses:
additionalProperties:
description: ImageStatus defines the pulling status of an image
properties:
tags:
description: Represents statuses of pulling tasks on this node
items:
description: ImageTagStatus defines the pulling status of
an image tag
properties:
completionTime:
description: |-
Represents time when the pulling task was completed. It is not guaranteed to
be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
imageID:
description: Represents the ID of this image.
type: string
message:
description: Represents the summary information of this
node
type: string
phase:
description: Represents the image pulling task phase.
type: string
progress:
description: |-
Represents the pulling progress of this tag, which is between 0-100. There is no guarantee
of monotonic consistency, and it may be a rollback due to retry during pulling.
format: int32
type: integer
startTime:
description: |-
Represents time when the pulling task was acknowledged by the image puller.
It is not guaranteed to be set in happens-before order across separate operations.
It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
tag:
description: Represents the image tag.
type: string
version:
description: Represents the internal version of this tag
that the daemon handled.
format: int64
type: integer
required:
- phase
- tag
type: object
type: array
required:
- tags
type: object
description: all statuses of active image pulling tasks
type: object
pulling:
description: The number of pulling tasks which are not finished.
format: int32
type: integer
succeeded:
description: The number of pulling tasks which reached phase Succeeded.
format: int32
type: integer
required:
- desired
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

292
versions/kruise/1.7.1/templates/apps.kruise.io_nodepodprobes.yaml Normal file
View File

@ -0,0 +1,292 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: nodepodprobes.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: NodePodProbe
listKind: NodePodProbeList
plural: nodepodprobes
singular: nodepodprobe
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodePodProbe is the Schema for the NodePodProbe API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodePodProbeSpec defines the desired state of NodePodProbe
properties:
podProbes:
items:
properties:
IP:
description: pod ip
type: string
name:
description: pod name
type: string
namespace:
description: pod namespace
type: string
probes:
description: Custom container probe, supports Exec, Tcp, and
returns the result to Pod yaml
items:
properties:
containerName:
description: container name
type: string
name:
description: Name is podProbeMarker.Name#probe.Name
type: string
probe:
description: container probe spec
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a
GRPC port.
properties:
port:
description: Port number of the gRPC service.
Number must be in the range 1 to 65535.
format: int32
type: integer
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to
perform.
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: |-
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
required:
- containerName
- name
- probe
type: object
type: array
uid:
description: pod uid
type: string
required:
- IP
- name
- namespace
- uid
type: object
type: array
type: object
status:
properties:
podProbeStatuses:
description: pod probe results
items:
properties:
name:
description: pod name
type: string
namespace:
description: pod namespace
type: string
probeStates:
description: pod probe result
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned from
one status to another.
format: date-time
type: string
message:
description: |-
If Status=True, Message records the return result of Probe.
If Status=False, Message records Probe's error message
type: string
name:
description: Name is podProbeMarker.Name#probe.Name
type: string
state:
description: container probe exec state, True or False
type: string
required:
- name
- state
type: object
type: array
uid:
description: pod uid
type: string
required:
- name
- namespace
- uid
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

160
versions/kruise/1.7.1/templates/apps.kruise.io_persistentpodstates.yaml Normal file
View File

@ -0,0 +1,160 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: persistentpodstates.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: PersistentPodState
listKind: PersistentPodStateList
plural: persistentpodstates
singular: persistentpodstate
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: PersistentPodState is the Schema for the PersistentPodState API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PersistentPodStateSpec defines the desired state of PersistentPodState
properties:
persistentPodAnnotations:
description: Persist the annotations information of the pods that
need to be saved
items:
properties:
key:
type: string
required:
- key
type: object
type: array
persistentPodStateRetentionPolicy:
description: |-
PersistentPodStateRetentionPolicy describes the policy used for PodState.
The default policy of 'WhenScaled' causes when scale down statefulSet, deleting it.
type: string
preferredPersistentTopology:
description: |-
Pod rebuilt topology preferred for node labels, with xx weight
for example kubernetes.io/hostname, failure-domain.beta.kubernetes.io/zone
items:
properties:
preference:
properties:
nodeTopologyKeys:
description: A list of node selector requirements by node's
labels.
items:
type: string
type: array
required:
- nodeTopologyKeys
type: object
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredPersistentTopology:
description: |-
Pod rebuilt topology required for node labels
for example kubernetes.io/hostname, failure-domain.beta.kubernetes.io/zone
properties:
nodeTopologyKeys:
description: A list of node selector requirements by node's labels.
items:
type: string
type: array
required:
- nodeTopologyKeys
type: object
targetRef:
description: |-
TargetReference contains enough information to let you identify an workload for PersistentPodState
Selector and TargetReference are mutually exclusive, TargetReference is priority to take effect
current only support StatefulSet
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- targetRef
type: object
status:
properties:
observedGeneration:
description: |-
observedGeneration is the most recent generation observed for this PersistentPodState. It corresponds to the
PersistentPodState's generation, which is updated on mutation by the API Server.
format: int64
type: integer
podStates:
additionalProperties:
properties:
annotations:
additionalProperties:
type: string
description: pod persistent annotations
type: object
nodeName:
description: pod.spec.nodeName
type: string
nodeTopologyLabels:
additionalProperties:
type: string
description: |-
node topology labels key=value
for example kubernetes.io/hostname=node-1
type: object
type: object
description: |-
When the pod is ready, record some status information of the pod, such as: labels, annotations, topologies, etc.
map[string]PodState -> map[Pod.Name]PodState
type: object
required:
- observedGeneration
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

321
versions/kruise/1.7.1/templates/apps.kruise.io_podprobemarkers.yaml Normal file
View File

@ -0,0 +1,321 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: podprobemarkers.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: PodProbeMarker
listKind: PodProbeMarkerList
plural: podprobemarkers
singular: podprobemarker
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: PodProbeMarker is the Schema for the PodProbeMarker API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PodProbeMarkerSpec defines the desired state of PodProbeMarker
properties:
probes:
description: |-
Custom container probe, current only support Exec().
Probe Result will record in Pod.Status.Conditions, and condition.type=probe.name.
condition.status=True indicates probe success
condition.status=False indicates probe fails
items:
properties:
containerName:
description: container name
type: string
markerPolicy:
description: |-
According to the execution result of ContainerProbe, perform specific actions,
such as: patch Pod labels, annotations, ReadinessGate Condition
It cannot be null at the same time as PodConditionType.
items:
properties:
annotations:
additionalProperties:
type: string
description: Patch annotations pod.annotations
type: object
labels:
additionalProperties:
type: string
description: Patch Labels pod.labels
type: object
state:
description: |-
probe status, True or False
For example: State=Succeeded, annotations[controller.kubernetes.io/pod-deletion-cost] = '10'.
State=Failed, annotations[controller.kubernetes.io/pod-deletion-cost] = '-10'.
In addition, if State=Failed is not defined, Exec execution fails, and the annotations[controller.kubernetes.io/pod-deletion-cost] will be Deleted
type: string
required:
- state
type: object
type: array
name:
description: probe name, unique within the Pod(Even between
different containers, they cannot be the same)
type: string
podConditionType:
description: |-
If it is not empty, the Probe execution result will be recorded on the Pod condition.
It cannot be null at the same time as MarkerPolicy.
For example PodConditionType=game.kruise.io/healthy, pod.status.condition.type = game.kruise.io/healthy.
When probe is Succeeded, pod.status.condition.status = True. Otherwise, when the probe fails to execute, pod.status.condition.status = False.
type: string
probe:
description: container probe spec
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: |-
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
required:
- containerName
- name
- probe
type: object
type: array
selector:
description: |-
Selector is a label query over pods that should exec custom probe
It must match the pod template's labels.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
required:
- probes
- selector
type: object
status:
properties:
matchedPods:
description: matched Pods
format: int64
type: integer
observedGeneration:
description: |-
observedGeneration is the most recent generation observed for this PodProbeMarker. It corresponds to the
PodProbeMarker's generation, which is updated on mutation by the API Server.
format: int64
type: integer
required:
- observedGeneration
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

217
versions/kruise/1.7.1/templates/apps.kruise.io_resourcedistributions.yaml Normal file
View File

@ -0,0 +1,217 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: resourcedistributions.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: ResourceDistribution
listKind: ResourceDistributionList
plural: resourcedistributions
shortNames:
- distributor
singular: resourcedistribution
scope: Cluster
versions:
- additionalPrinterColumns:
- description: The desired number of desired distribution and syncs.
jsonPath: .status.desired
name: TOTAL
type: integer
- description: The number of successful distribution and syncs.
jsonPath: .status.succeeded
name: SUCCEED
type: integer
- description: The number of failed distributions and syncs.
jsonPath: .status.failed
name: FAILED
type: integer
name: v1alpha1
schema:
openAPIV3Schema:
description: ResourceDistribution is the Schema for the resourcedistributions
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ResourceDistributionSpec defines the desired state of ResourceDistribution.
properties:
resource:
description: Resource must be the complete yaml that users want to
distribute.
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
targets:
description: Targets defines the namespaces that users want to distribute
to.
properties:
allNamespaces:
description: |-
If AllNamespaces is true, Resource will be distributed to the all namespaces
(except some forbidden namespaces, such as "kube-system" and "kube-public").
type: boolean
excludedNamespaces:
description: |-
If ExcludedNamespaces is not empty, Resource will never be distributed to the listed namespaces.
ExcludedNamespaces has the highest priority.
properties:
list:
items:
description: ResourceDistributionNamespace contains a namespace
name
properties:
name:
description: Namespace name
type: string
type: object
type: array
type: object
includedNamespaces:
description: If IncludedNamespaces is not empty, Resource will
be distributed to the listed namespaces.
properties:
list:
items:
description: ResourceDistributionNamespace contains a namespace
name
properties:
name:
description: Namespace name
type: string
type: object
type: array
type: object
namespaceLabelSelector:
description: If NamespaceLabelSelector is not empty, Resource
will be distributed to the matched namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: object
required:
- resource
- targets
type: object
status:
description: |-
ResourceDistributionStatus defines the observed state of ResourceDistribution.
ResourceDistributionStatus is recorded by kruise, users' modification is invalid and meaningless.
properties:
conditions:
description: Conditions describe the condition when Resource creating,
updating and deleting.
items:
description: ResourceDistributionCondition allows a row to be marked
with additional information.
properties:
failedNamespace:
description: FailedNamespaces describe all failed namespaces
when Status is False
items:
type: string
type: array
lastTransitionTime:
description: LastTransitionTime is the last time the condition
transitioned from one status to another.
format: date-time
type: string
reason:
description: Reason describe human readable message indicating
details about last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of ResourceDistributionCondition.
type: string
required:
- status
- type
type: object
type: array
desired:
description: Desired represents the number of total target namespaces.
format: int32
type: integer
failed:
description: Failed represents the number of failed distributions.
format: int32
type: integer
observedGeneration:
description: ObservedGeneration represents the .metadata.generation
that the condition was set based upon.
format: int64
type: integer
succeeded:
description: Succeeded represents the number of successful distributions.
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

639
versions/kruise/1.7.1/templates/apps.kruise.io_sidecarsets.yaml Normal file
View File

@ -0,0 +1,639 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: sidecarsets.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: SidecarSet
listKind: SidecarSetList
plural: sidecarsets
singular: sidecarset
scope: Cluster
versions:
- additionalPrinterColumns:
- description: The number of pods matched.
jsonPath: .status.matchedPods
name: MATCHED
type: integer
- description: The number of pods matched and updated.
jsonPath: .status.updatedPods
name: UPDATED
type: integer
- description: The number of pods matched and ready.
jsonPath: .status.readyPods
name: READY
type: integer
- description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: SidecarSet is the Schema for the sidecarsets API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SidecarSetSpec defines the desired state of SidecarSet
properties:
containers:
description: Containers is the list of sidecar containers to be injected
into the selected pod
items:
description: SidecarContainer defines the container of Sidecar
properties:
podInjectPolicy:
description: |-
The rules that injected SidecarContainer into Pod.spec.containers,
not takes effect in initContainers
If BeforeAppContainer, the SidecarContainer will be injected in front of the pod.spec.containers
otherwise it will be injected into the back.
default BeforeAppContainerType
type: string
shareVolumePolicy:
description: |-
If ShareVolumePolicy is enabled, the sidecar container will share the other container's VolumeMounts
in the pod(don't contains the injected sidecar container).
properties:
type:
type: string
type: object
transferEnv:
description: |-
TransferEnv will transfer env info from other container
SourceContainerName is pod.spec.container[x].name; EnvName is pod.spec.container[x].Env.name
items:
properties:
envName:
type: string
envNames:
items:
type: string
type: array
sourceContainerName:
type: string
sourceContainerNameFrom:
properties:
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
type: object
type: object
type: array
upgradeStrategy:
description: 'sidecarContainer upgrade strategy, include: ColdUpgrade,
HotUpgrade'
properties:
hotUpgradeEmptyImage:
description: |-
when HotUpgrade, HotUpgradeEmptyImage is used to complete the hot upgrading process
HotUpgradeEmptyImage is consistent of sidecar container in Command, Args, Liveness probe, etc.
but it does no actual work.
type: string
upgradeType:
description: |-
when sidecar container is stateless, use ColdUpgrade
otherwise HotUpgrade are more HotUpgrade.
examples for istio envoy container is suitable for HotUpgrade
default is ColdUpgrade
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
imagePullSecrets:
description: List of the names of secrets required by pulling sidecar
container images
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
type: array
initContainers:
description: |-
InitContainers is the list of init containers to be injected into the selected pod
We will inject those containers by their name in ascending order
We only inject init containers when a new pod is created, it does not apply to any existing pod
items:
description: SidecarContainer defines the container of Sidecar
properties:
podInjectPolicy:
description: |-
The rules that injected SidecarContainer into Pod.spec.containers,
not takes effect in initContainers
If BeforeAppContainer, the SidecarContainer will be injected in front of the pod.spec.containers
otherwise it will be injected into the back.
default BeforeAppContainerType
type: string
shareVolumePolicy:
description: |-
If ShareVolumePolicy is enabled, the sidecar container will share the other container's VolumeMounts
in the pod(don't contains the injected sidecar container).
properties:
type:
type: string
type: object
transferEnv:
description: |-
TransferEnv will transfer env info from other container
SourceContainerName is pod.spec.container[x].name; EnvName is pod.spec.container[x].Env.name
items:
properties:
envName:
type: string
envNames:
items:
type: string
type: array
sourceContainerName:
type: string
sourceContainerNameFrom:
properties:
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
type: object
type: object
type: array
upgradeStrategy:
description: 'sidecarContainer upgrade strategy, include: ColdUpgrade,
HotUpgrade'
properties:
hotUpgradeEmptyImage:
description: |-
when HotUpgrade, HotUpgradeEmptyImage is used to complete the hot upgrading process
HotUpgradeEmptyImage is consistent of sidecar container in Command, Args, Liveness probe, etc.
but it does no actual work.
type: string
upgradeType:
description: |-
when sidecar container is stateless, use ColdUpgrade
otherwise HotUpgrade are more HotUpgrade.
examples for istio envoy container is suitable for HotUpgrade
default is ColdUpgrade
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
injectionStrategy:
description: InjectionStrategy describe the strategy when sidecarset
is injected into pods
properties:
paused:
description: |-
Paused indicates that SidecarSet will suspend injection into Pods
If Paused is true, the sidecarSet will not be injected to newly created Pods,
but the injected sidecar container remains updating and running.
default is false
type: boolean
revision:
description: |-
Revision can help users rolling update SidecarSet safely. If users set
this filed, SidecarSet will try to inject specific revision according to
different policies.
properties:
customVersion:
description: |-
CustomVersion corresponds to label 'apps.kruise.io/sidecarset-custom-version' of (History) SidecarSet.
SidecarSet will select the specific ControllerRevision via this CustomVersion, and then restore the
history SidecarSet to inject specific version of the sidecar to pods.
type: string
policy:
description: |-
Policy describes the behavior of revision injection.
Defaults to Always.
type: string
revisionName:
description: RevisionName corresponds to a specific ControllerRevision
name of SidecarSet that you want to inject to Pods.
type: string
type: object
type: object
namespace:
description: |-
Namespace sidecarSet will only match the pods in the namespace
otherwise, match pods in all namespaces(in cluster)
type: string
namespaceSelector:
description: |-
NamespaceSelector select which namespaces to inject sidecar containers.
Default to the empty LabelSelector, which matches everything.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
patchPodMetadata:
description: SidecarSet support to inject & in-place update metadata
in pod.
items:
properties:
annotations:
additionalProperties:
type: string
description: annotations
type: object
patchPolicy:
description: |-
labels map[string]string `json:"labels,omitempty"`
patch pod metadata policy, Default is "Retain"
type: string
type: object
type: array
revisionHistoryLimit:
description: |-
RevisionHistoryLimit indicates the maximum quantity of stored revisions about the SidecarSet.
default value is 10
format: int32
type: integer
selector:
description: selector is a label query over pods that should be injected
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
updateStrategy:
description: The sidecarset updateStrategy to use to replace existing
pods with new ones.
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of SidecarSet pods that can be unavailable during the
update. Value can be an absolute number (ex: 5) or a percentage of total
number of SidecarSet pods at the start of the update (ex: 10%). Absolute
number is calculated from percentage by rounding up.
This cannot be 0.
Default value is 1.
x-kubernetes-int-or-string: true
partition:
anyOf:
- type: integer
- type: string
description: |-
Partition is the desired number of pods in old revisions. It means when partition
is set during pods updating, (replicas - partition) number of pods will be updated.
Default value is 0.
x-kubernetes-int-or-string: true
paused:
description: |-
Paused indicates that the SidecarSet is paused to update the injected pods,
but it don't affect the webhook inject sidecar container into the newly created pods.
default is false
type: boolean
priorityStrategy:
description: |-
Priorities are the rules for calculating the priority of updating pods.
Each pod to be updated, will pass through these terms and get a sum of weights.
properties:
orderPriority:
description: |-
Order priority terms, pods will be sorted by the value of orderedKey.
For example:
```
orderPriority:
- orderedKey: key1
- orderedKey: key2
```
First, all pods which have key1 in labels will be sorted by the value of key1.
Then, the left pods which have no key1 but have key2 in labels will be sorted by
the value of key2 and put behind those pods have key1.
items:
description: UpdatePriorityOrderTerm defines order priority.
properties:
orderedKey:
description: |-
Calculate priority by value of this key.
Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value,
such as getting 5 in value '5', getting 10 in value 'sts-10'.
type: string
required:
- orderedKey
type: object
type: array
weightPriority:
description: Weight priority terms, pods will be sorted by
the sum of all terms weight.
items:
description: UpdatePriorityWeightTerm defines weight priority.
properties:
matchSelector:
description: MatchSelector is used to select by pod's
labels.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching the corresponding
matchExpressions, in the range 1-100.
format: int32
type: integer
required:
- matchSelector
- weight
type: object
type: array
type: object
scatterStrategy:
description: |-
ScatterStrategy defines the scatter rules to make pods been scattered when update.
This will avoid pods with the same key-value to be updated in one batch.
- Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them.
- If scatterStrategy is used, we suggest to just use one term. Otherwise, the update order can be hard to understand.
items:
properties:
key:
type: string
value:
type: string
required:
- key
- value
type: object
type: array
selector:
description: If selector is not nil, this upgrade will only update
the selected pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type:
description: |-
Type is NotUpdate, the SidecarSet don't update the injected pods,
it will only inject sidecar container into the newly created pods.
Type is RollingUpdate, the SidecarSet will update the injected pods to the latest version on RollingUpdate Strategy.
default is RollingUpdate
type: string
type: object
volumes:
description: List of volumes that can be mounted by sidecar containers
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description: SidecarSetStatus defines the observed state of SidecarSet
properties:
collisionCount:
description: |-
CollisionCount is the count of hash collisions for the SidecarSet. The SidecarSet controller
uses this field as a collision avoidance mechanism when it needs to create the name for the
newest ControllerRevision.
format: int32
type: integer
latestRevision:
description: LatestRevision, if not empty, indicates the latest controllerRevision
name of the SidecarSet.
type: string
matchedPods:
description: matchedPods is the number of Pods whose labels are matched
with this SidecarSet's selector and are created after sidecarset
creates
format: int32
type: integer
observedGeneration:
description: |-
observedGeneration is the most recent generation observed for this SidecarSet. It corresponds to the
SidecarSet's generation, which is updated on mutation by the API Server.
format: int64
type: integer
readyPods:
description: readyPods is the number of matched Pods that have a ready
condition
format: int32
type: integer
updatedPods:
description: updatedPods is the number of matched Pods that are injected
with the latest SidecarSet's containers
format: int32
type: integer
updatedReadyPods:
description: updatedReadyPods is the number of matched pods that updated
and ready
format: int32
type: integer
required:
- matchedPods
- readyPods
- updatedPods
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

1059
versions/kruise/1.7.1/templates/apps.kruise.io_statefulsets.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1245
versions/kruise/1.7.1/templates/apps.kruise.io_uniteddeployments.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

521
versions/kruise/1.7.1/templates/apps.kruise.io_workloadspreads.yaml Normal file
View File

@ -0,0 +1,521 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: workloadspreads.apps.kruise.io
spec:
group: apps.kruise.io
names:
kind: WorkloadSpread
listKind: WorkloadSpreadList
plural: workloadspreads
shortNames:
- ws
singular: workloadspread
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.name
name: WorkloadName
type: string
- jsonPath: .spec.targetRef.kind
name: WorkloadKind
type: string
- description: Whether use the adaptive reschedule strategy
jsonPath: .spec.scheduleStrategy.type[?(@ == "Adaptive")]
name: Adaptive
type: boolean
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: WorkloadSpread is the Schema for the WorkloadSpread API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: WorkloadSpreadSpec defines the desired state of WorkloadSpread.
properties:
scheduleStrategy:
description: ScheduleStrategy indicates the strategy the WorkloadSpread
used to preform the schedule between each of subsets.
properties:
adaptive:
description: Adaptive is used to communicate parameters when Type
is AdaptiveWorkloadSpreadScheduleStrategyType.
properties:
disableSimulationSchedule:
description: |-
DisableSimulationSchedule indicates whether to disable the feature of simulation schedule.
Default is false.
Webhook can take a simple general predicates to check whether Pod can be scheduled into this subset,
but it just considers the Node resource and cannot replace scheduler to do richer predicates practically.
type: boolean
rescheduleCriticalSeconds:
description: |-
RescheduleCriticalSeconds indicates how long controller will reschedule a schedule failed Pod to the subset that has
redundant capacity after the subset where the Pod lives. If a Pod was scheduled failed and still in a unschedulabe status
over RescheduleCriticalSeconds duration, the controller will reschedule it to a suitable subset.
format: int32
type: integer
type: object
type:
description: |-
Type indicates the type of the WorkloadSpreadScheduleStrategy.
Default is Fixed
enum:
- Adaptive
- Fixed
- ""
type: string
type: object
subsets:
description: Subsets describes the pods distribution details between
each of subsets.
items:
description: WorkloadSpreadSubset defines the details of a subset.
properties:
maxReplicas:
anyOf:
- type: integer
- type: string
description: MaxReplicas indicates the desired max replicas
of this subset.
x-kubernetes-int-or-string: true
name:
description: Name should be unique between all of the subsets
under one WorkloadSpread.
type: string
patch:
description: Patch indicates patching podTemplate to the Pod.
x-kubernetes-preserve-unknown-fields: true
preferredNodeSelectorTerms:
description: Indicates the node preferred selector to form the
subset.
items:
description: |-
An empty preferred scheduling term matches all objects with implicit weight 0
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: |-
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: |-
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: |-
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: |-
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: |-
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: |-
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredNodeSelectorTerm:
description: Indicates the node required selector to form the
subset.
properties:
matchExpressions:
description: A list of node selector requirements by node's
labels.
items:
description: |-
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: |-
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: |-
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements by node's
fields.
items:
description: |-
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: |-
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: |-
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
tolerations:
description: Indicates the tolerations the pods under this subset
have.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
required:
- name
type: object
type: array
targetRef:
description: TargetReference is the target workload that WorkloadSpread
want to control.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- subsets
- targetRef
type: object
status:
description: WorkloadSpreadStatus defines the observed state of WorkloadSpread.
properties:
observedGeneration:
description: |-
ObservedGeneration is the most recent generation observed for this WorkloadSpread. It corresponds to the
WorkloadSpread's generation, which is updated on mutation by the API Server.
format: int64
type: integer
subsetStatuses:
description: Contains the status of each subset. Each element in this
array represents one subset
items:
description: WorkloadSpreadSubsetStatus defines the observed state
of subset
properties:
conditions:
description: Conditions is an array of current observed subset
conditions.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from
one status to another.
format: date-time
type: string
message:
description: A human readable message indicating details
about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
type: string
type:
description: Type of in place set condition.
type: string
required:
- status
- type
type: object
type: array
creatingPods:
additionalProperties:
format: date-time
type: string
description: |-
CreatingPods contains information about pods whose creation was processed by
the webhook handler but not yet been observed by the WorkloadSpread controller.
A pod will be in this map from the time when the webhook handler processed the
creation request to the time when the pod is seen by controller.
The key in the map is the name of the pod and the value is the time when the webhook
handler process the creation request. If the real creation didn't happen and a pod is
still in this map, it will be removed from the list automatically by WorkloadSpread controller
after some time.
If everything goes smooth this map should be empty for the most of the time.
Large number of entries in the map may indicate problems with pod creations.
type: object
deletingPods:
additionalProperties:
format: date-time
type: string
description: DeletingPods is similar with CreatingPods and it
contains information about pod deletion.
type: object
missingReplicas:
description: |-
MissingReplicas is the number of active replicas belong to this subset not be found.
MissingReplicas > 0 indicates the subset is still missing MissingReplicas pods to create
MissingReplicas = 0 indicates the subset already has enough pods, there is no need to create
MissingReplicas = -1 indicates the subset's MaxReplicas not set, then there is no limit for pods number
format: int32
type: integer
name:
description: Name should be unique between all of the subsets
under one WorkloadSpread.
type: string
replicas:
description: Replicas is the most recently observed number of
active replicas for subset.
format: int32
type: integer
required:
- missingReplicas
- name
- replicas
type: object
type: array
versionedSubsetStatuses:
additionalProperties:
items:
description: WorkloadSpreadSubsetStatus defines the observed state
of subset
properties:
conditions:
description: Conditions is an array of current observed subset
conditions.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from
one status to another.
format: date-time
type: string
message:
description: A human readable message indicating details
about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
type: string
type:
description: Type of in place set condition.
type: string
required:
- status
- type
type: object
type: array
creatingPods:
additionalProperties:
format: date-time
type: string
description: |-
CreatingPods contains information about pods whose creation was processed by
the webhook handler but not yet been observed by the WorkloadSpread controller.
A pod will be in this map from the time when the webhook handler processed the
creation request to the time when the pod is seen by controller.
The key in the map is the name of the pod and the value is the time when the webhook
handler process the creation request. If the real creation didn't happen and a pod is
still in this map, it will be removed from the list automatically by WorkloadSpread controller
after some time.
If everything goes smooth this map should be empty for the most of the time.
Large number of entries in the map may indicate problems with pod creations.
type: object
deletingPods:
additionalProperties:
format: date-time
type: string
description: DeletingPods is similar with CreatingPods and
it contains information about pod deletion.
type: object
missingReplicas:
description: |-
MissingReplicas is the number of active replicas belong to this subset not be found.
MissingReplicas > 0 indicates the subset is still missing MissingReplicas pods to create
MissingReplicas = 0 indicates the subset already has enough pods, there is no need to create
MissingReplicas = -1 indicates the subset's MaxReplicas not set, then there is no limit for pods number
format: int32
type: integer
name:
description: Name should be unique between all of the subsets
under one WorkloadSpread.
type: string
replicas:
description: Replicas is the most recently observed number
of active replicas for subset.
format: int32
type: integer
required:
- missingReplicas
- name
- replicas
type: object
type: array
description: |-
VersionedSubsetStatuses is to solve rolling-update problems, where the creation of new-version pod
may be earlier than deletion of old-version pod. We have to calculate the pod subset distribution for
each version.
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

294
versions/kruise/1.7.1/templates/manager.yaml Normal file
View File

@ -0,0 +1,294 @@
{{- if .Values.installation.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: openkruise
name: {{ .Values.installation.namespace }}
{{- end }}
---
apiVersion: v1
kind: Namespace
metadata:
name: kruise-daemon-config
---
apiVersion: v1
kind: Service
metadata:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
spec:
{{ ( include "webhookServiceSpec" . ) | indent 2 }}
{{- if and (not (contains "EnableExternalCerts=true" .Values.featureGates)) (not (contains "AllAlpha=true" .Values.featureGates)) }}
---
apiVersion: v1
kind: Secret
metadata:
name: kruise-webhook-certs
namespace: {{ .Values.installation.namespace }}
{{ ( include "webhookSecretData" . ) }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
name: kruise-controller-manager
namespace: {{ .Values.installation.namespace }}
spec:
replicas: {{ .Values.manager.replicas }}
selector:
matchLabels:
control-plane: controller-manager
minReadySeconds: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 100%
template:
metadata:
labels:
control-plane: controller-manager
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- args:
- --enable-leader-election
- --metrics-addr=:{{ .Values.manager.metrics.port }}
- --health-probe-addr=:{{ .Values.manager.healthProbe.port }}
- --logtostderr=true
- --leader-election-namespace={{ .Values.installation.namespace }}
- --v={{ .Values.manager.log.level }}
- --feature-gates={{ .Values.featureGates }}
- --sync-period={{ .Values.manager.resyncPeriod }}
{{- if .Values.manager.loggingFormat }}
- --logging-format={{ .Values.manager.loggingFormat }}
{{- end }}
command:
- /manager
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
imagePullPolicy: Always
securityContext:
capabilities:
drop:
- all
add: [ 'NET_BIND_SERVICE' ]
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 65534
name: manager
env:
{{- if .Values.enableKubeCacheMutationDetector }}
- name: KUBE_CACHE_MUTATION_DETECTOR
value: "true"
{{- end }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEBHOOK_PORT
value: "{{ .Values.manager.webhook.port }}"
ports:
- containerPort: {{ .Values.manager.webhook.port }}
name: webhook-server
protocol: TCP
- containerPort: {{ .Values.manager.metrics.port }}
name: metrics
protocol: TCP
- containerPort: {{ .Values.manager.healthProbe.port }}
name: health
protocol: TCP
readinessProbe:
httpGet:
path: readyz
port: {{ .Values.manager.healthProbe.port }}
resources:
{{- toYaml .Values.manager.resources | nindent 12 }}
hostNetwork: {{ .Values.manager.hostNetwork }}
terminationGracePeriodSeconds: 10
serviceAccountName: kruise-manager
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: control-plane
operator: In
values:
- controller-manager
topologyKey: kubernetes.io/hostname
weight: 100
{{- with .Values.manager.nodeAffinity }}
nodeAffinity:
{{ toYaml . | indent 10 }}
{{- end }}
{{- if .Values.manager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.manager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.manager.tolerations }}
tolerations:
{{ toYaml .Values.manager.tolerations | indent 8 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kruise-manager
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
namespace: {{ .Values.installation.namespace }}
{{ ( include "serviceAccountManager" . ) }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kruise-daemon
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
namespace: {{ .Values.installation.namespace }}
{{ ( include "serviceAccountDaemon" . ) }}
---
{{ if contains "KruiseDaemon=false" .Values.featureGates }}{{ else }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kruise-daemon
namespace: {{ .Values.installation.namespace }}
labels:
control-plane: daemon
spec:
selector:
matchLabels:
control-plane: daemon
minReadySeconds: 3
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
template:
metadata:
labels:
control-plane: daemon
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.daemon.affinity }}
affinity:
{{ toYaml .Values.daemon.affinity | indent 8 }}
{{- end }}
{{- if .Values.daemon.nodeSelector }}
nodeSelector:
{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
{{- end }}
containers:
- command:
- /kruise-daemon
args:
- --logtostderr=true
- --v=4
- --addr=:{{ .Values.daemon.port }}
- --feature-gates={{ .Values.featureGates }}
- --socket-file={{ .Values.daemon.socketFile }}
{{- if not .Values.daemon.enablePprof }}
- --enable-pprof=false
{{- else }}
- --enable-pprof=true
- --pprof-addr={{ .Values.daemon.pprofAddr }}
{{- end }}
{{- if .Values.daemon.credentialProvider.enable }}
- --plugin-config-file=/credential-provider-config/CredentialProviderPlugin.yaml
- --plugin-bin-dir=/credential-provider-plugin
{{- end }}
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
imagePullPolicy: Always
securityContext:
capabilities:
drop:
- all
add: [ 'NET_BIND_SERVICE' ]
allowPrivilegeEscalation: false
name: daemon
env:
{{- if .Values.enableKubeCacheMutationDetector }}
- name: KUBE_CACHE_MUTATION_DETECTOR
value: "true"
{{- end }}
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
{{- if .Values.daemon.extraEnvs }}
{{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
{{- end }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: {{ .Values.daemon.port }}
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
{{- toYaml .Values.daemon.resources | nindent 12 }}
volumeMounts:
- mountPath: /hostvarrun
name: runtime-socket
readOnly: true
{{- if .Values.daemon.credentialProvider.enable }}
- name: credential-provider-plugin-config
mountPath: /credential-provider-config
readOnly: true
- name: credential-provider-plugin
mountPath: /credential-provider-plugin
readOnly: true
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
- name: aws-credentials-dir
mountPath: /root/.aws
readOnly: true
{{- end }}
{{- end }}
tolerations:
- operator: Exists
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
terminationGracePeriodSeconds: 10
serviceAccountName: kruise-daemon
volumes:
- hostPath:
path: {{ .Values.daemon.socketLocation }}
type: ""
name: runtime-socket
{{- if .Values.daemon.credentialProvider.enable }}
- name: credential-provider-plugin-config
configMap:
name: {{ .Values.daemon.credentialProvider.configmap }}
- hostPath:
path: {{ .Values.daemon.credentialProvider.hostPath }}
type: ""
name: credential-provider-plugin
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
- hostPath:
path: {{ .Values.daemon.credentialProvider.awsCredentialsDir }}
type: ""
name: aws-credentials-dir
{{- end }}
{{- end }}
{{- end }}

198
versions/kruise/1.7.1/templates/policy.kruise.io_podunavailablebudgets.yaml Normal file
View File

@ -0,0 +1,198 @@
{{- if .Values.crds.managed }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: podunavailablebudgets.policy.kruise.io
spec:
group: policy.kruise.io
names:
kind: PodUnavailableBudget
listKind: PodUnavailableBudgetList
plural: podunavailablebudgets
shortNames:
- pub
singular: podunavailablebudget
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: UnavailableAllowed number of pod unavailable that are currently
allowed
jsonPath: .status.unavailableAllowed
name: Allowed
type: integer
- description: CurrentAvailable current number of available pods
jsonPath: .status.currentAvailable
name: Current
type: integer
- description: DesiredAvailable minimum desired number of available pods
jsonPath: .status.desiredAvailable
name: Desired
type: integer
- description: TotalReplicas total number of pods counted by this budget
jsonPath: .status.totalReplicas
name: Total
type: integer
name: v1alpha1
schema:
openAPIV3Schema:
description: PodUnavailableBudget is the Schema for the podunavailablebudgets
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PodUnavailableBudgetSpec defines the desired state of PodUnavailableBudget
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
Delete pod, evict pod or update pod specification is allowed if at most "maxUnavailable" pods selected by
"selector" or "targetRef" are unavailable after the above operation for pod.
MaxUnavailable and MinAvailable are mutually exclusive, MaxUnavailable is priority to take effect
x-kubernetes-int-or-string: true
minAvailable:
anyOf:
- type: integer
- type: string
description: |-
Delete pod, evict pod or update pod specification is allowed if at least "minAvailable" pods selected by
"selector" or "targetRef" will still be available after the above operation for pod.
x-kubernetes-int-or-string: true
selector:
description: Selector label query over pods managed by the budget
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetRef:
description: |-
TargetReference contains enough information to let you identify an workload for PodUnavailableBudget
Selector and TargetReference are mutually exclusive, TargetReference is priority to take effect
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
type: object
type: object
status:
description: PodUnavailableBudgetStatus defines the observed state of
PodUnavailableBudget
properties:
currentAvailable:
description: CurrentAvailable current number of available pods
format: int32
type: integer
desiredAvailable:
description: DesiredAvailable minimum desired number of available
pods
format: int32
type: integer
disruptedPods:
additionalProperties:
format: date-time
type: string
description: |-
DisruptedPods contains information about pods whose eviction or deletion was
processed by the API handler but has not yet been observed by the PodUnavailableBudget.
type: object
observedGeneration:
description: |-
Most recent generation observed when updating this PUB status. UnavailableAllowed and other
status information is valid only if observedGeneration equals to PUB's object generation.
format: int64
type: integer
totalReplicas:
description: TotalReplicas total number of pods counted by this unavailable
budget
format: int32
type: integer
unavailableAllowed:
description: UnavailableAllowed number of pod unavailable that are
currently allowed
format: int32
type: integer
unavailablePods:
additionalProperties:
format: date-time
type: string
description: |-
UnavailablePods contains information about pods whose specification changed(inplace-update pod),
once pod is available(consistent and ready) again, it will be removed from the list.
type: object
required:
- currentAvailable
- desiredAvailable
- totalReplicas
- unavailableAllowed
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

943
versions/kruise/1.7.1/templates/rbac_role.yaml Normal file
View File

@ -0,0 +1,943 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kruise-leader-election-role
namespace: {{ .Values.installation.namespace }}
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: kruise-daemon-role
rules:
- apiGroups:
- apps.kruise.io
resources:
- nodeimages
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- nodeimages/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests
verbs:
- get
- list
- watch
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- nodepodprobes
verbs:
- get
- list
- watch
- apiGroups:
- apps.kruise.io
resources:
- nodepodprobes/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: kruise-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
{{ toYaml .Values.installation.roleListGroups | nindent 2}}
resources:
- '*'
verbs:
- list
- apiGroups:
- '*'
resources:
- '*/scale'
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- replicasets/status
verbs:
- get
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- advancedcronjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- advancedcronjobs/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- advancedcronjobs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- broadcastjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- broadcastjobs/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- broadcastjobs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- clonesets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- clonesets/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- clonesets/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- daemonsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- daemonsets/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- ephemeraljobs
verbs:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- ephemeraljobs/finalizers
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- ephemeraljobs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- imagelistpulljobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- imagelistpulljobs/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- imagelistpulljobs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- imagepulljobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- imagepulljobs/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- imagepulljobs/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- nodeimages
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- nodeimages/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- nodeimages/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- nodepodprobes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- nodepodprobes/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- nodepodprobes/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- persistentpodstates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- persistentpodstates/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- persistentpodstates/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- podprobemarkers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- podprobemarkers/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- podprobemarkers/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- resourcedistributions
verbs:
- get
- list
- watch
- apiGroups:
- apps.kruise.io
resources:
- resourcedistributions/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- resourcedistributions/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- sidecarsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- sidecarsets/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- sidecarsets/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- statefulsets/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- statefulsets/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- uniteddeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- uniteddeployments/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- uniteddeployments/status
verbs:
- get
- patch
- update
- apiGroups:
- apps.kruise.io
resources:
- workloadspreads
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- apps.kruise.io
resources:
- workloadspreads/finalizers
verbs:
- update
- apiGroups:
- apps.kruise.io
resources:
- workloadspreads/status
verbs:
- get
- patch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/ephemeralcontainers
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- patch
- update
- apiGroups:
- policy.kruise.io
resources:
- podunavailablebudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- policy.kruise.io
resources:
- podunavailablebudgets/finalizers
verbs:
- update
- apiGroups:
- policy.kruise.io
resources:
- podunavailablebudgets/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kruise-leader-election-rolebinding
namespace: {{ .Values.installation.namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kruise-leader-election-role
subjects:
- kind: ServiceAccount
name: kruise-manager
namespace: {{ .Values.installation.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kruise-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kruise-manager-role
subjects:
- kind: ServiceAccount
name: kruise-manager
namespace: {{ .Values.installation.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kruise-daemon-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kruise-daemon-role
subjects:
- kind: ServiceAccount
name: kruise-daemon
namespace: {{ .Values.installation.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kruise-webhook-role
namespace: {{ .Values.installation.namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- if not (contains "EnableExternalCerts=true" .Values.featureGates) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kruise-certs-role
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
resourceNames:
- kruise-mutating-webhook-configuration
verbs:
- patch
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
resourceNames:
- kruise-validating-webhook-configuration
verbs:
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
resourceNames:
- statefulsets.apps.kruise.io
verbs:
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kruise-certs-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kruise-certs-role
subjects:
- kind: ServiceAccount
name: kruise-manager
namespace: {{ .Values.installation.namespace }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kruise-webhook-rolebinding
namespace: {{ .Values.installation.namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kruise-webhook-role
subjects:
- kind: ServiceAccount
name: kruise-manager
namespace: {{ .Values.installation.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: kruise-daemon-secret-role
namespace: kruise-daemon-config
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kruise-daemon-secret-rolebinding
namespace: kruise-daemon-config
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kruise-daemon-secret-role
subjects:
- kind: ServiceAccount
name: kruise-daemon
namespace: {{ .Values.installation.namespace }}

915
versions/kruise/1.7.1/templates/webhookconfiguration.yaml Normal file
View File

@ -0,0 +1,915 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: kruise-mutating-webhook-configuration
annotations:
template: ""
{{- if .Values.externalCerts.annotations }}
{{ toYaml .Values.externalCerts.annotations | indent 4 }}
{{- end }}
webhooks:
{{- if not (contains "PodWebhook=false" .Values.featureGates) }}
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-pod
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
failurePolicy: Fail
name: mpod.kb.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: NotIn
values:
- openkruise
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
{{- end }}
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-advancedcronjob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: madvancedcronjob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- advancedcronjobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-broadcastjob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mbroadcastjob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- broadcastjobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-cloneset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mcloneset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- clonesets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-containerrecreaterequest
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mcontainerrecreaterequest.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- containerrecreaterequests
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-daemonset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mdaemonset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- daemonsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-imagelistpulljob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mimagelistpulljob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- imagelistpulljobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-imagepulljob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mimagepulljob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- imagepulljobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-nodeimage
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mnodeimage.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- nodeimages
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-sidecarset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: msidecarset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- sidecarsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-statefulset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: mstatefulset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- statefulsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /mutate-apps-kruise-io-v1alpha1-uniteddeployment
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: muniteddeployment.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- uniteddeployments
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: kruise-validating-webhook-configuration
annotations:
template: ""
{{- if .Values.externalCerts.annotations }}
{{ toYaml .Values.externalCerts.annotations | indent 4 }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-deployment
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vbuiltindeployment.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- DELETE
resources:
- deployments
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-replicaset
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vbuiltinreplicaset.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- DELETE
resources:
- replicasets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-statefulset
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vbuiltinstatefulset.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- DELETE
resources:
- statefulsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-customresourcedefinition
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vcustomresourcedefinition.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- apiextensions.k8s.io
apiVersions:
- v1
- v1beta1
operations:
- DELETE
resources:
- customresourcedefinitions
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-namespace
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vnamespace.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- namespaces
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-ingress
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vingress.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
- v1beta1
operations:
- DELETE
resources:
- ingresses
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-service
failurePolicy: Ignore
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vservice.kb.io
objectSelector:
matchExpressions:
- key: policy.kruise.io/delete-protection
operator: Exists
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- services
sideEffects: None
{{- if not (contains "PodWebhook=false" .Values.featureGates) }}
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-pod
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vpod.kb.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: NotIn
values:
- openkruise
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- UPDATE
- DELETE
resources:
- pods
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-pod
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vpodeviction.kb.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: NotIn
values:
- openkruise
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods/eviction
sideEffects: None
{{- end }}
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-resourcedistribution
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vresourcedistribution.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- resourcedistributions
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-workloadspread
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vworkloadspread.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- workloadspreads
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-advancedcronjob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vadvancedcronjob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- advancedcronjobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-broadcastjob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vbroadcastjob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- broadcastjobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-cloneset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vcloneset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- clonesets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-daemonset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vdaemonset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- daemonsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-imagelistpulljob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vimagelistpulljob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- imagelistpulljobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-imagepulljob
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vimagepulljob.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- imagepulljobs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-nodeimage
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vnodeimage.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- nodeimages
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-persistentpodstate
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vpersistentpodstate.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- persistentpodstates
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-podprobemarker
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vpodprobemarker.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- podprobemarkers
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-policy-kruise-io-podunavailablebudget
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vpodunavailablebudget.kb.io
rules:
- apiGroups:
- policy.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- podunavailablebudgets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-sidecarset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vsidecarset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- sidecarsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-statefulset
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vstatefulset.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
- v1beta1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- statefulsets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: kruise-webhook-service
namespace: {{ .Values.installation.namespace }}
path: /validate-apps-kruise-io-v1alpha1-uniteddeployment
failurePolicy: Fail
timeoutSeconds: {{ .Values.webhookConfiguration.timeoutSeconds }}
name: vuniteddeployment.kb.io
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- uniteddeployments
sideEffects: None

115
versions/kruise/1.7.1/values.yaml Normal file
View File

@ -0,0 +1,115 @@
# Default values for kruise.
crds:
managed: true
# values for kruise installation
installation:
namespace: kruise-system
createNamespace: true
roleListGroups:
- '*'
featureGates: "ImagePullJobGate=true"
externalCerts:
# annotations to patch for webhook configuration and crd
# e.g. cert-manager.io/inject-ca-from: kruise-system/kruise-webhook
annotations: {}
# KUBE_CACHE_MUTATION_DETECTOR
enableKubeCacheMutationDetector: false
# imagePullSecrets to pull kruise images
imagePullSecrets: []
manager:
# settings for log print
log:
# log level for kruise-manager
level: "4"
replicas: 2
image:
repository: openkruise/kruise-manager
tag: v1.7.1
webhook:
port: 9876
metrics:
port: 8080
healthProbe:
port: 8000
pprofAddr: "localhost:8090"
resyncPeriod: "0"
loggingFormat: ""
# resources of kruise-manager container
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
hostNetwork: false
nodeAffinity: {}
nodeSelector: {}
tolerations: []
webhookConfiguration:
timeoutSeconds: 30
daemon:
log:
# log level for kruise-daemon
level: "4"
port: 10221
enablePprof: true
pprofAddr: "localhost:10222"
socketLocation: "/var/run"
socketFile: ""
nodeSelector: {}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
resources:
limits:
cpu: 50m
memory: 128Mi
requests:
cpu: "0"
memory: "0"
# Extra environment variables that will be pass onto pods.
# For example, when the daemon is used behind a http proxy, you can set the proxy environment variables here.
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
# syntax here.
extraEnvs: []
# - name: HTTP_PROXY
# value: http://my-proxy:8080/
# - name: HTTPS_PROXY
# value: http://my-proxy:8080/
# - name: NO_PROXY
# value: localhost,0.0.0.0,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
credentialProvider:
enable: false
configmap: credential-provider-config
hostPath: credential-provider-plugin
awsCredentialsDir: ""
serviceAccount:
annotations: {}