diff --git a/.env b/.env
new file mode 100644
index 0000000000000000000000000000000000000000..bfa1ff4e3af5c19fd88e70b885c1f2bf2285ca7d
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+CONTROLLER_IP=10.152.183.155
+CONTROLLER_PORT=8181
+SWITCHES_NAMESPACE=l2sm-system
diff --git a/.github/workflows/sync_to_nemo.yaml b/.github/workflows/sync_to_nemo.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6f659bc9d9f67218c6f56e76516b798617a4094a
--- /dev/null
+++ b/.github/workflows/sync_to_nemo.yaml
@@ -0,0 +1,28 @@
+name: Sync to GitLab
+
+on:
+ push:
+ branches:
+ - nemo
+
+jobs:
+ sync:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout GitHub repository
+ uses: actions/checkout@v3
+ with:
+ ref: nemo
+
+ - name: Configure Git
+ run: |
+ git config user.name "Tjaarda1"
+ git config user.email "100383348@alumnos.uc3m.es"
+
+ - name: Add GitLab remote
+ run: |
+ git remote add gitlab https://oauth2:${{ secrets.GITLAB_TOKEN }}@gitlab.eclipse.org/eclipse-research-labs/nemo-project/nemo-infrastructure-management/federated-meta-network-cluster-controller/multi-domain-l2s-m.git
+
+ - name: Push to GitLab
+ run: |
+ git push gitlab nemo:development
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..ebf2498d8fc36bea5439cf9012ac80a43d1d3aec
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.vscode
+tls.b64
+bin/
\ No newline at end of file
diff --git a/L2S-M core/.vscode/launch.json b/.vscode/launch.json
similarity index 68%
rename from L2S-M core/.vscode/launch.json
rename to .vscode/launch.json
index d891394b28682694379e1feecd8193dfc2d10db1..533d397e5c726bd685f50f87616d479d52084a94 100644
--- a/L2S-M core/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -7,11 +7,12 @@
"request": "launch",
"command": "kopf run ${workspaceFolder}/src/operator/l2sm-operator.py",
"env": {
- "CONTROLLER_IP": "10.152.183.3",
- "DATABASE_IP": "10.152.183.132",
+ "CONTROLLER_IP": "10.152.183.42",
+ "DATABASE_IP": "10.152.183.70",
"MYSQL_USER": "l2sm",
"MYSQL_PASSWORD": "l2sm",
- "MYSQL_DATABASE": "l2sm"
+ "MYSQL_DATABASE": "l2sm",
+ "NODE_NAME": "l2sm1"
}
}
]
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000000000000000000000000000000000..c5f3f6b9c754225a4c577122bc2f9c0b49713e3c
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "java.configuration.updateBuildConfiguration": "interactive"
+}
\ No newline at end of file
diff --git a/l2sm-api-resources/Dockerfile b/Dockerfile
similarity index 70%
rename from l2sm-api-resources/Dockerfile
rename to Dockerfile
index 509ba75ae7e67c8b2750985092fe04a2f903caf1..d1dd03933c92b0d98cf83d3f1e885f81dbd705ce 100644
--- a/l2sm-api-resources/Dockerfile
+++ b/Dockerfile
@@ -1,20 +1,16 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
# Build the manager binary
FROM golang:1.21 AS builder
diff --git a/Dockerfile.cross b/Dockerfile.cross
new file mode 100644
index 0000000000000000000000000000000000000000..a59165c41b40cce3c2bf257686c4e61a6f299a2d
--- /dev/null
+++ b/Dockerfile.cross
@@ -0,0 +1,33 @@
+# Build the manager binary
+FROM --platform=${BUILDPLATFORM} golang:1.21 AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY cmd/main.go cmd/main.go
+COPY api/ api/
+COPY internal/ internal/
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]
diff --git a/L2S-M core/README.md b/L2S-M core/README.md
deleted file mode 100644
index 9770b67515167866b752bafab4defb21541b91cb..0000000000000000000000000000000000000000
--- a/L2S-M core/README.md
+++ /dev/null
@@ -1,75 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# L2S-M
-Welcome to the official repository of L2S-M, a **Kubernetes operator** that enables virtual networking in K8s clusters.
-
-Link-Layer Secure connectivity for Microservice platforms (L2S-M) is a K8s networking solution that complements the CNI plugin approach of K8s to create and manage virtual networks in K8s clusters. These virtual networks allow workloads (pods) to have isolated link-layer connectivity with other pods in a K8s cluster, regardless of the k8s node where they are actually deployed. L2S-M enables the creation/deletion of virtual networks on-demand, as well as attaching/detaching pods to that networks. The solution is seamlessly integrated within the K8s environment, through a K8s operator:
-
-
-
-L2S-M provides its intended functionalities using a programmable data-plane based on Software Defined Networking (SDN), which in turn provides a high degree of flexibility to dynamically incorporate new application and/or network configurations into K8s clusters. Moreover, L2S-M has been designed to flexibly accommodate various deployment options, ranging from small K8s clusters to those with a high number of distributed nodes.
-
-The main K8s interface of pods remains intact (provided by a CNI plugin), retaining the compatibility with all the standard K8s elements (e.g., services, connectivity through the main interface, etc.). Moreover, the solution has the potential to be used for inter-cluster communications to support scenarios where network functions are spread through multiple distributed infrastructures (this is still a work in progress).
-
-The figure outlines the design of L2S-M. See [how L2S-M works](./additional-info/) to read further details on the L2S-M solution.
-
-If you want to learn how to install L2S-M in your cluster, see the [installation guide](./deployments) of this repository to start its installation.
-
-Did you already install the operator and you cannot wait to start building your own virtual networks in your K8s cluster? Check out our [ping-pong](./examples/ping-pong) example!
-
-If you want more information about the original idea of L2S-M and its initial design, you can check our latest publication in the [IEEE Network journal](https://ieeexplore.ieee.org/document/9740640):
-
-- L. F. Gonzalez, I. Vidal, F. Valera and D. R. Lopez, "Link Layer Connectivity as a Service for Ad-Hoc Microservice Platforms," in IEEE Network, vol. 36, no. 1, pp. 10-17, January/February 2022, doi: 10.1109/MNET.001.2100363.
-
-Did you like L2S-M and want to use it in your K8s infrastructure or project? Please, feel free to do so, and don't forget to cite us!
-
-### Projects where L2S-M is being used:
-- H2020 FISHY Project: https://fishy-project.eu (grant agreement 952644)
-- True5G Project: (PID2019-108713RB-C52 / AEI / 10.13039/501100011033)
-- H2020 Labyrinth project: https://labyrinth2020.eu/ (grant agreement 861696).
-
-### Inter-cluster communications
-We are currently working on a solution to enable communications among workloads deployed on differente Kubernetes clusters. The solution enables the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.
-
-The solution can work jointly with L2S-M or be used standalone through the [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni). Details can be checked [here](https://github.com/Networks-it-uc3m/snd-based-inter-cluster-communications/blob/main/README.md).
-
-The solution enables the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.
-
-### Additional information about L2S-M
-In the [following section](./additional-info) of the repository, you can find a series of documents and slides that provide additional information about L2S-M, including presentations where our solution has been showcased to the public in various events.
-
-L2S-M has been presented in the following events:
-
-* [Open Source Mano (OSM) #13 plenary meeting (01/06/2022)](https://github.com/Networks-it-uc3m/L2S-M/blob/main/additional%20info/OSM%2313%20Plenary%20Meeting.pdf): In this meeting, L2S-M was presented as a solution to enable virtual networking to deploy Cloud Network Functions (CNFs) in K8s clusters. Moreover, the potential use of L2S-M to become the basis for a feature to be introduced in OSM's code was discussed as well.
-
-* [FIHY Summer Camp (20/04/2023)](https://drcn2023.upc.edu/FISHYSummerCamp.html). In this summer camp, we described the utilization of L2S-M in next-generation secured communication scenarios, which are covered in the H2020 FIHSY and Labyrinth projects (see Acnkowledgemnt sections).
-
-### How to reach us
-
-Do you have any doubts about L2S-M or its installation? Do you want to provide feedback about the solution? Please, do not hesitate to contact us out through e-mail!
-
-- Alex T. de Cock Buning: 100383348@alumnos.uc3m.es (Universidad Carlos III de Madrid)
-- Luis F. Gonzalez: luisfgon@it.uc3m.es (Universidad Carlos III de Madrid)
-- Ivan Vidal : ividal@it.uc3m.es (Universidad Carlos III de Madrid)
-- Francisco Valera: fvalera@it.uc3m.es (Universidad Carlos III de Madrid)
-- Diego R. Lopez: diego.r.lopez@telefonica.com (Telefónica I+D)
-
-
-### Acknowledment
-The work in this open-source project has partially been supported by the European H2020 FISHY Project (grant agreement 952644) and by the H2020 Labyrinth project (grant agreement 861696).
diff --git a/L2S-M core/additional-info/development.md b/L2S-M core/additional-info/development.md
deleted file mode 100644
index f8750bd632c7eb9731ab76b34473c45f05416f23..0000000000000000000000000000000000000000
--- a/L2S-M core/additional-info/development.md
+++ /dev/null
@@ -1,89 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# L2S-M Development Guide
-
-Welcome to the L2S-M development guide. This README provides detailed instructions for setting up and developing L2S-M, which consists of four main components: `l2sm-controller`, `l2sm-operator`, `l2sm-switch`, and `l2sm-ned`. Follow the steps below to set up your development environment and deploy each component.
-
-## Table of Contents
-
-- [Repository Structure](#repository-structure)
-- [Prerequisites](#prerequisites)
-- [Component Development and Deployment](#component-development-and-deployment)
- - [L2SM-Controller](#l2sm-controller)
- - [L2SM-Operator](#l2sm-operator)
- - [L2SM-Switch](#l2sm-switch)
-
-## Repository Structure
-
-Below is a brief overview of the repository's structure and the purpose of major directories:
-
-```bash
-L2S-M
-├── .vscode
-│ └── launch.json
-├── LICENSE
-├── README.md
-├── deployment
-| └── custom-installation
-├── build
-... [shortened for brevity] ...
-└── src
- ├── controller
- ├── operator
- └── switch
-```
-In the L2S-M/src directory you will find the source code of each component, which is used to build the images in L2S-M/build.
-In L2S-M/build/README.md there is a guide of how to use the Dockerfiles and build the docker images referencing the code in L2S-M/src. A script has been made to ease this task.
-In L2S-M/deployment/custom-installation there is a guide on how to install each component in kubernetes, that will enable the developing of specific parts of L2S-M
-
-## Prerequisites
-
-Before you begin, ensure you have met the following requirements:
-
-- A kubernetes cluster you have complete access to.
-- Multus installed in the cluster.
-- For each component you're gonna develop, you may need specific tools and software.
-- [L2S-M custom installation](../deployments/custom-installation/). Install L2S-M up to the component you want to modify/debug/develop, and come back here to check how to proceed with the installation.
-
-## Component Development and Deployment
-
-### L2SM-Controller
-
-1. **Custom installation**: The source code for `l2sm-controller` is hosted in a separate repository. Refer to it to see how this component works and how to change it and deploy it manually.
-
-2. **Configuration**: Specify the IP address the `l2sm-controller` is working on in the `deployOperator.yaml` and `deploySwitch.yaml` files, in the [custom-installation](../deployments/custom-installation/) directory.
-
-3. **Custom Installation**: Follow the custom installation instructions exactly as described in the [custom-installation](../deployments/custom-installation/) directory.
-
-### L2SM-Operator
-
->**Note:** you need python3 and the requirements specified in the [L2S-M/src/operator/requirements.txt](../src/operator/requirements.txt) to run it.
-
-1. **Database Setup**: Run the MySQL development database using `mysql-development.yaml`.
-
-2. **Configuration**: Update `launch.json` with the `l2sm-controller` service IP Address and the database IP Address. This file has been made to help launching the application locally.
-
-3. **Debugging**: In Visual Studio Code, run the debug Kopf application. It will launch the app in a terminal, but it doesn't allow actual debugging tools such as custom breakpoints, as it's not a feature in kopf applications.
-
-### L2SM-Switch
-
-1. **Deployment**: Deploy `l2sm-switch` normally, ensuring to comment out `initContainers` in the YAML file. Remove the initial configuration script by using as input spec.container.args: ["sleep infinity"]
-
-2. **Debugging**: For debugging, remove the initial configuration script by and use `exec -it` on the pods to achieve the desired configuration. Since it doesn’t run any background process, no specific image is needed, the current one implements custom commands that enable the current configuration, you can check in the script [L2S-M/src/switch/setup_switch.sh](../src/switch/setup_switch.sh) how the configuration is made.
-
diff --git a/L2S-M core/additional-info/go.mod b/L2S-M core/additional-info/go.mod
deleted file mode 100644
index bed5eeeca98b676002a2d2f7b90823e70278f84f..0000000000000000000000000000000000000000
--- a/L2S-M core/additional-info/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module example
-
-go 1.18
diff --git a/L2S-M core/additional-info/main.go b/L2S-M core/additional-info/main.go
deleted file mode 100644
index 19729983f891ca3a869f9e0ac78e316de232647c..0000000000000000000000000000000000000000
--- a/L2S-M core/additional-info/main.go
+++ /dev/null
@@ -1,70 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package main
-
-import (
- "crypto"
- "crypto/rand"
- "crypto/rsa"
- "crypto/sha256"
- "encoding/base64"
- "fmt"
- "os"
-)
-
-func main() {
-
- // Generate Alice RSA keys Of 2048 Buts
- alicePrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- fmt.Println(err.Error)
- os.Exit(1)
- }
- // Extract Public Key from RSA Private Key
- alicePublicKey := alicePrivateKey.PublicKey
- secretMessage := "IHsKICAgICAgInByb3ZpZGVyIjogewogICAgICAgICJuYW1lIjogInVjM20iLAogICAgICAgICJkb21haW4iOiAiaWRjby51YzNtLmVzIgogICAgICB9LAogICAgICAiYWNjZXNzTGlzdCI6IFsicHVibGljLWtleS0xIiwgInB1YmxpYy1rZXktMiJdCiAgICB9Cg"
- fmt.Println("Original Text ", secretMessage)
- signature := SignPKCS1v15(secretMessage, *alicePrivateKey)
- fmt.Println("Singature : ", signature)
- verif := VerifyPKCS1v15(signature, secretMessage, alicePublicKey)
- fmt.Println(verif)
-}
-
-func SignPKCS1v15(plaintext string, privKey rsa.PrivateKey) string {
- // crypto/rand.Reader is a good source of entropy for blinding the RSA
- // operation.
- rng := rand.Reader
- hashed := sha256.Sum256([]byte(plaintext))
- signature, err := rsa.SignPKCS1v15(rng, &privKey, crypto.SHA256, hashed[:])
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error from signing: %s\n", err)
- return "Error from signing"
- }
- return base64.StdEncoding.EncodeToString(signature)
-}
-
-func VerifyPKCS1v15(signature string, plaintext string, pubkey rsa.PublicKey) string {
- sig, _ := base64.StdEncoding.DecodeString(signature)
- hashed := sha256.Sum256([]byte(plaintext))
- err := rsa.VerifyPKCS1v15(&pubkey, crypto.SHA256, hashed[:], sig)
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error from verification: %s\n", err)
- return "Error from verification:"
- }
- return "Signature Verification Passed"
-}
diff --git a/L2S-M core/build/README.md b/L2S-M core/build/README.md
deleted file mode 100644
index cab420a93f61c3a40ba6c00dfcf6a387428c8861..0000000000000000000000000000000000000000
--- a/L2S-M core/build/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# Build Directory
-
-This directory contains Dockerfiles and scripts for building and pushing Docker images for different components of the project.
-
-The files and scripts are meant to be run directly in the /L2S-M directory, as the COPY instructions will refer to the /L2S-M/src directory.
-
-## Directory Structure:
-
-- `./build/switch`: Dockerfile and related files for building the l2sm-switch Docker image.
-- `./build/controller`: Dockerfile and related files for building the l2sm-controller Docker image.
-- `./build/operator`: Dockerfile and related files for building the l2sm-operator Docker image.
-- `./build/build_images.sh`: Bash script for automating the build and push process of Docker images.
-
-## Script Usage:
-
-### 1. Build Images:
-```bash
-./build/build_images.sh build
-```
-
-This command will build Docker images for l2sm-switch, l2sm-controller, and l2sm-operator.
-
-### 2. Push Images:
-
-```bash
-./build/build_images.sh push
-```
-
-This command will push previously built Docker images to the specified DockerHub repository.
-
-### 3. Build and Push Images:
-
-```bash
-./build/build_images.sh build_push
-```
-
-This command will both build and push Docker images.
-
-Note: Make sure to set the appropriate environment variables in the script before running. (The repo name and the version tag)
-
-For any additional details or customization, refer to the respective Dockerfiles and the build script.
diff --git a/L2S-M core/build/build_images.sh b/L2S-M core/build/build_images.sh
deleted file mode 100755
index 6a2759b64228ad8e4c861a49e326eddb6c50091b..0000000000000000000000000000000000000000
--- a/L2S-M core/build/build_images.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/bash
-set -e
-
-# Set environment variables
-export VERSION="2.3"
-export DOCKERHUB_REPO="alexdecb"
-
-# Function to build image
-build_image() {
- local image_name="$1"
- local folder_name="$2"
-
- echo "Building ${image_name}..."
- docker build -t "${DOCKERHUB_REPO}/${image_name}:${VERSION}" -f "./build/${folder_name}/Dockerfile" .
-}
-
-# Function to push image
-push_image() {
- local image_name="$1"
-
- echo "Pushing ${image_name}..."
- docker push "${DOCKERHUB_REPO}/${image_name}:${VERSION}"
-}
-
-# Option 1: Build image
-if [ "$1" == "build" ]; then
- build_image "l2sm-switch" "switch"
- build_image "l2sm-controller" "controller"
- build_image "l2sm-operator" "operator"
- echo "Images have been built successfully."
-
-# Option 2: Push image
-elif [ "$1" == "push" ]; then
- push_image "l2sm-switch"
- push_image "l2sm-controller"
- push_image "l2sm-operator"
- echo "Images have been pushed successfully."
-
-# Option 3: Build and push image
-elif [ "$1" == "build_push" ]; then
- build_image "l2sm-switch" "switch"
- push_image "l2sm-switch"
- build_image "l2sm-controller" "controller"
- push_image "l2sm-controller"
- build_image "l2sm-operator" "operator"
- push_image "l2sm-operator"
- echo "Images have been built and pushed successfully."
-
-# Invalid option
-else
- echo "Invalid option. Please use 'build', 'push', or 'build_push'."
- exit 1
-fi
diff --git a/L2S-M core/build/controller/Dockerfile b/L2S-M core/build/controller/Dockerfile
deleted file mode 100644
index 48b59f765a24b65070a3a566c11632f9549c7990..0000000000000000000000000000000000000000
--- a/L2S-M core/build/controller/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM onosproject/onos:2.7-latest
-
-COPY ./src/controller ./
-
-RUN apt-get update && \
- apt-get install wget && \
- chmod +x ./setup_controller.sh
-
-ENTRYPOINT ["./setup_controller.sh"]
\ No newline at end of file
diff --git a/L2S-M core/build/operator/Dockerfile b/L2S-M core/build/operator/Dockerfile
deleted file mode 100644
index abee9f13d7031d614e983259547e99cfc9b02335..0000000000000000000000000000000000000000
--- a/L2S-M core/build/operator/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM python:3.11.6
-
-WORKDIR /usr/src/app
-
-COPY ./src/operator/requirements.txt ./
-RUN pip install --no-cache-dir -r requirements.txt
-
-COPY ./src/operator/l2sm-operator.py .
-
-CMD kopf run --liveness=http://0.0.0.0:8080/healthz --standalone --all-namespaces ./l2sm-operator.py
diff --git a/L2S-M core/build/switch/Dockerfile b/L2S-M core/build/switch/Dockerfile
deleted file mode 100644
index 8e96044d250cb3d219b9c665d4cef1f003f89d08..0000000000000000000000000000000000000000
--- a/L2S-M core/build/switch/Dockerfile
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM golang:1.20 AS build
-
-WORKDIR /usr/src/l2sm-switch
-
-COPY ./src/switch/ ./build/switch/build-go.sh ./
-
-RUN chmod +x ./build-go.sh && ./build-go.sh
-
-FROM ubuntu:latest
-
-WORKDIR /usr/local/bin
-
-COPY ./src/switch/vswitch.ovsschema /tmp/
-
-COPY --from=build /usr/local/bin/ .
-
-RUN apt-get update && \
- apt-get install -y net-tools iproute2 netcat-openbsd dnsutils curl iputils-ping iptables nmap tcpdump openvswitch-switch && \
- mkdir /var/run/openvswitch && mkdir -p /etc/openvswitch && ovsdb-tool create /etc/openvswitch/conf.db /tmp/vswitch.ovsschema
-
-COPY ./src/switch/setup_switch.sh .
-
-RUN chmod +x ./setup_switch.sh && \
- mkdir /etc/l2sm/
-
-CMD [ "./setup_switch.sh" ]
\ No newline at end of file
diff --git a/L2S-M core/build/switch/build-go.sh b/L2S-M core/build/switch/build-go.sh
deleted file mode 100644
index 8301f17a71088a5668b9163323160e3540428985..0000000000000000000000000000000000000000
--- a/L2S-M core/build/switch/build-go.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-DEST_DIR="/usr/local/bin"
-
-
-if [ ! -d ${DEST_DIR} ]; then
- mkdir ${DEST_DIR}
-fi
-
-go build -v -o "${DEST_DIR}"/l2sm-init ./cmd/l2sm-init
-go build -v -o "${DEST_DIR}"/l2sm-vxlans ./cmd/l2sm-vxlans
diff --git a/L2S-M core/configs/sampleFile.json b/L2S-M core/configs/sampleFile.json
deleted file mode 100644
index b66ca574ad6341f61a4141ecbd1baa48e01a6d9d..0000000000000000000000000000000000000000
--- a/L2S-M core/configs/sampleFile.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "name": "<NODE_SWITCH_1>",
- "nodeIP": "<IP_SWITCH_1>",
- "neighborNodes": ["<NODE_SWITCH_2>"]
- },
- {
- "name": "<NODE_SWITCH_2>",
- "nodeIP": "<IP_SWITCH_2>",
- "neighborNodes": ["<NODE_SWITCH_1>"]
- }
-]
diff --git a/L2S-M core/deployments/README.md b/L2S-M core/deployments/README.md
deleted file mode 100644
index 4f6d918f14e2479f77aa0d7e27321c4f5c98c41d..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# L2S-M Installation Guide
-This guide details the necessary steps to install the L2S-M Kubernetes operator to create and manage virtual networks in your Kubernetes cluster.
-
-
-# Prerequisites
-
-1. Clone the L2S-M repository in your host. This guide will assume that all commands are executed within the L2S-M directory.
-
-2. Install the Multus CNI Plugin in your K8s cluster. For more information on how to install Multus in your cluster, check their [official GitHub repository](https://github.com/k8snetworkplumbingwg/multus-cni).
-
-3. The host-device CNI plugin must be able to be used in your cluster. If it is not present in your K8s distribution, you can find how to install it in your K8s cluster in their [official GitHub repository](https://github.com/containernetworking/plugins).
-
-4. Your K8s Control-Plane node must be able to deploy K8s pods for the operator to work. Remove its master and control-plane taints using the following command:
-```bash
-kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-
-```
-
-
-## Install L2S-M
-
-Installing L2S-M can be done by using a single command:
-
-```bash
-kubectl create -f ./deployments/l2sm-deployment.yaml
-```
-
-The installation will take around a minute to finish, and to check that everyting is running properly, you may run the following command:
-
-```bash
-kubectl get pods -o wide
-```
-
-Which should give you an output like this:
-
-```bash
-NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
-l2sm-controller-56b45487b7-nglns 1/1 Running 0 129m 10.1.72.72 l2sm2 <none> <none>
-l2sm-operator-7794c5f66d-b9nsf 2/2 Running 0 119m 10.1.14.45 l2sm1 <none> <none>
-l2sm-switch-49qpq 1/1 Running 0 129m 10.1.14.63 l2sm1 <none> <none>
-l2sm-switch-2g696 1/1 Running 0 129m 10.1.72.73 l2sm2 <none> <none>
-```
-With the components: _l2sm-controller_, _l2sm-operator_ and one _l2sm-switch_ for **each** node in the cluster.
-
-After the installation, you can start using L2S-M in one Node. If your Cluster has more than one Node, additional steps must be done, to configure which Nodes are connected between themselves as can be seen in the next subsection, configuring the VxLAN tunnels.
-
-## Configuring VxLANs
-
-Each Node enables the creation of custom L2S-M networks, as can be seen in the [examples section.](../examples/) But for communicating pods that are in different Nodes of the cluster, additional configuration must be done, the VxLAN tunnels between them.
-
-But don't worry! A guide on how this is configured step by step is outlined in [the vxlan configuration guide.](../deployment/vxlans.md)
diff --git a/L2S-M core/deployments/config/account.yaml b/L2S-M core/deployments/config/account.yaml
deleted file mode 100644
index b0ffac260f971e34d69112f5c00bba79c015e935..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/config/account.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: l2sm-operator
diff --git a/L2S-M core/deployments/config/binding.yaml b/L2S-M core/deployments/config/binding.yaml
deleted file mode 100644
index 2ac8f50e2866e9afc5c1c042e19c2bdcec3ea3b6..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/config/binding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: l2sm-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: l2sm-operator
- namespace: default
diff --git a/L2S-M core/deployments/custom-installation/README.md b/L2S-M core/deployments/custom-installation/README.md
deleted file mode 100644
index 2cbf6f3694878e7f53014422d80350129b17aaac..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/README.md
+++ /dev/null
@@ -1,92 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# L2S-M Installation Guide (Custom Installation)
-
-This guide provides detailed steps for installing the L2S-M Kubernetes operator, enabling you to create and manage virtual networks within your Kubernetes cluster. This custom installation is intended for debugging or understanding the L2S-M components and their functionality.
-
-## Introduction
-
-The L2S-M custom installation is designed for debugging purposes and gaining a deeper understanding of the L2S-M components. Follow the steps below to install the L2S-M Kubernetes operator and configure virtual networks.
-
-## Prerequisites
-
-Before proceeding, ensure that you meet the prerequisites outlined in the [Prerequisites section](./deployment/README.md). Refer to the [./deployment/README.md](./deployment/README.md) file for detailed instructions on meeting these requirements.
-
-
-## Custom Installation Steps
-
-Follow the steps below to perform the custom installation of L2S-M:
-
-
-1. Create the virtual interface definitions using the following command:
- ```bash
-kubectl create -f ./deployments/custom-installation/interfaces_definitions
-```
-
-2. Create the Kubernetes account Service Account and apply their configuration by applying the following command:
- ```bash
-kubectl create -f ./deployments/config/
-```
-
-3. Create the Kubernetes Persistent Volume by using the following kubectl command:
- ```bash
-kubectl create -f ./deployments/custom-installation/mysql/
-```
-
-4. Before deploying the L2S-M operator, it is neccessary to label your master node as the "master" of the cluster. To do so, get the names of your Kubernetes nodes, select the master and apply the "master" label with the following command:
-
- ```bash
-kubectl get nodes
-kubectl label nodes [your-master-node] dedicated=master
-```
-
-5. Deploy the L2S-M Controller by using the following command:
-
-```bash
-kubectl create -f ./deployments/custom-installation/deployController.yaml
-```
- You can check that the deployment was successful if the pod enters the "running" state using the *kubectl get pods* command.
-
-6. After the previous preparation, (make sure the controller is running) you can deploy the operator in your cluster using the YAML deployment file:
- ```bash
-kubectl create -f ./deployments/custom-installation/deployOperator.yaml
-```
-
-Once these two pods are in running state, you can finally deploy the virtual switches and custom CRD
-
-7. This is done by:
-
-**First deploying the virtual OVS Daemonset:**
-```bash
-kubectl create -f ./deployments/custom-installation/deploySwitch.yaml
-```
-
-And check there is a pod running in each node, with ```kubectl get pods -o wide```
-
-8. And launch the CRD definition by:
-```bash
-kubectl create -f ./deployments/custom-installation/l2sm-network-crd.yaml
-```
-
-## Configuring Vxlans
-
-Each node enables the creation of custom L2S-M networks, as can be seen in the [examples section](../../examples/) section. But for communicating pods that are in different Nodes of the cluster, additional configuration must be done, of configuring the Vxlan tunnels between them.
-
-You can proceed to configure Vxlans by following the steps outlined in [the vxlan configuration guide.](../deployment/vxlans.md)
-
diff --git a/L2S-M core/deployments/custom-installation/deployController.yaml b/L2S-M core/deployments/custom-installation/deployController.yaml
deleted file mode 100644
index 7b5c60cbdf0cb05e73b242afd93eea6ddb1cc8ed..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/deployController.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-controller
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: l2sm-controller
- template:
- metadata:
- labels:
- app: l2sm-controller
- spec:
- containers:
- - name: l2sm-controller
- image: alexdecb/l2sm-controller:2.2
- readinessProbe:
- httpGet:
- path: /onos/ui
- port: 8181
- initialDelaySeconds: 30
- periodSeconds: 10
- ports:
- - containerPort: 6633
- - containerPort: 8181
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-controller-service
-spec:
- selector:
- app: l2sm-controller
- ports:
- - name: of13-port
- protocol: TCP
- port: 6633
- targetPort: 6633
- - name: http-port
- protocol: TCP
- port: 8181
- targetPort: 8181
- type: ClusterIP
diff --git a/L2S-M core/deployments/custom-installation/deployOperator.yaml b/L2S-M core/deployments/custom-installation/deployOperator.yaml
deleted file mode 100644
index 3a7e79e119f1d95be4d6bb3960dbd656f475a24a..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/deployOperator.yaml
+++ /dev/null
@@ -1,161 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-operator
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- l2sm-component: l2sm-opt
- template:
- metadata:
- labels:
- l2sm-component: l2sm-opt
- spec:
- serviceAccountName: l2sm-operator
- initContainers:
- - name: wait-for-l2sm-controller
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-controller-service:8181/onos/ui" -o /dev/null) -ne 302 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - image: alexdecb/l2sm-operator:2.3
- name: l2sm-opt-pod
- env:
- - name: CONTROLLER_IP
- value: l2sm-controller-service
- #imagePullPolicy: Always
- - name: mysql
- image: mysql:5.7
- envFrom:
- - secretRef:
- name: mysql-secret
- ports:
- - containerPort: 3306
- name: mysql
- volumeMounts:
- - name: mysql-persistent-storage
- mountPath: /var/lib/mysql
- - name: initdb-volume
- mountPath: /docker-entrypoint-initdb.d
- volumes:
- - name: mysql-persistent-storage
- persistentVolumeClaim:
- claimName: mysql-pv-claim
- - name: initdb-volume
- configMap:
- name: mysql-schema
- items:
- - key: init.sql
- path: init.sql
- nodeSelector:
- dedicated: master
- tolerations:
- - key: dedicated
- operator: Equal
- value: master
- effect: NoSchedule
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-operator-service
-spec:
- ports:
- - protocol: TCP
- port: 8080
- targetPort: 8080
- selector:
- l2sm-component: l2sm-opt
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: mysql-schema
-data:
- init.sql: |
-
- CREATE DATABASE IF NOT EXISTS l2sm;
- USE l2sm;
-
- CREATE TABLE networks (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255) NOT NULL,
- type ENUM('vlink', 'vnet', 'ext-vnet') NOT NULL,
- UNIQUE KEY unique_network_name (name, type)
- );
-
- CREATE TABLE switches (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE neds (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- provider VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE interfaces (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255),
- pod VARCHAR(255),
- switch_id INT,
- ned_id INT,
- network_id INT,
- FOREIGN KEY (switch_id) REFERENCES switches(id),
- FOREIGN KEY (ned_id) REFERENCES neds(id),
- FOREIGN KEY (network_id) REFERENCES networks(id)
- );
-
- -- Define the one-to-many relationship between switches and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_switch_interface
- FOREIGN KEY (switch_id)
- REFERENCES switches(id);
-
- -- Define the one-to-many relationship between neds and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_ned_interface
- FOREIGN KEY (ned_id)
- REFERENCES neds(id);
-
- -- Define the many-to-one relationship between networks and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_network_interface
- FOREIGN KEY (network_id)
- REFERENCES networks(id);
-
-
-
diff --git a/L2S-M core/deployments/custom-installation/deploySwitch.yaml b/L2S-M core/deployments/custom-installation/deploySwitch.yaml
deleted file mode 100644
index a415f0b5fb28cc7d22676c0bbd8291e38e291fb9..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/deploySwitch.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: l2sm-switch
- #namespace: kube-system
- labels:
- l2sm-component: l2sm-switch
-spec:
- selector:
- matchLabels:
- l2sm-component: l2sm-switch
- template:
- metadata:
- labels:
- l2sm-component: l2sm-switch
- annotations:
- k8s.v1.cni.cncf.io/networks: '[{ "name": "veth1", "ips": ["fe80::58d0:b8ff:fe42:debf/64"]}, { "name": "veth2", "ips": ["fe80::58d0:b8ff:fe42:debe/64"]}, { "name": "veth3", "ips": ["fe80::58d0:b8ff:fe42:debd/64"]}, { "name": "veth4", "ips": ["fe80::58d0:b8ff:fe42:debc/64"]}, { "name": "veth5", "ips": ["fe80::58d0:b8ff:fe42:debb/64"]}, { "name": "veth6", "ips": ["fe80::58d0:b8ff:fe42:deba/64"]}, { "name": "veth7", "ips": ["fe80::58d0:b8ff:fe42:deb9/64"]}, { "name": "veth8", "ips": ["fe80::58d0:b8ff:fe42:deb8/64"]}, { "name": "veth9", "ips": ["fe80::58d0:b8ff:fe42:deb7/64"]}, { "name": "veth10", "ips": ["fe80::58d0:b8ff:fe42:deb6/64"]}]'
- spec:
- tolerations:
- # this toleration is to have the daemonset runnable on master nodes
- # remove it if your masters can't run pods
- - key: node-role.kubernetes.io/master
- operator: Exists
- effect: NoSchedule
- # initContainers:
- # - name: wait-for-l2sm-operator
- # image: curlimages/curl
- # args:
- # - /bin/sh
- # - -c
- # - >
- # set -x;
- # while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- # sleep 15;
- # done;
- # sleep 5;
- containers:
- - name: l2sm-switch
- image: alexdecb/l2sm-switch:2.2
- #args: ["setup_switch.sh && sleep infinity"]
- env:
- - name: NODENAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: NVETHS
- value: "10"
- - name: CONTROLLERIP
- value: "l2sm-controller-service"
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeSelector:
- kubernetes.io/arch: amd64
-
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/poda.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/test/poda.yaml
deleted file mode 100644
index 79445bae3d4891ade208a84c394bce97ce52e199..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/poda.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: poda
- labels:
- app: ping-pong
- annotations:
- k8s.v1.cni.cncf.io/networks: '[
- { "name": "ptp1",
- "ips": ["192.168.1.6/16"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- #nodeName: workerk8s
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/podb.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/test/podb.yaml
deleted file mode 100644
index 6a66d8eb28b5d4ca3708d4e6083e2310df126bcb..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/podb.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: podb
- labels:
- app: ping-pong
- annotations:
- k8s.v1.cni.cncf.io/networks: '[
- { "name": "ptp1",
- "ips": ["fe80::58d0:b8ff:fe42:debf/64"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- #nodeName: workerk8s
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml
deleted file mode 100644
index 81d81a3c55796ec1aca9cf809dd34638345547b9..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "name":"veth1",
- "mtu": 1400,
- "device":"veth1",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost1.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost1.yaml
deleted file mode 100644
index d07ee29521795d96e24ea01a92637c3d15d2af83..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost1.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br1",
- "mtu": 1400,
- "device": "veth1",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost10.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost10.yaml
deleted file mode 100644
index 8f1c6c1533c93e736e06a06985db7715b8bef3f3..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost10.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth10
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br10",
- "mtu": 1400,
- "device": "veth10",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost2.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost2.yaml
deleted file mode 100644
index 5c5cfc688679bf97e2190f192b0a93014844440c..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost2.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth2
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br2",
- "mtu": 1400,
- "device": "veth2",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost3.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost3.yaml
deleted file mode 100644
index ed4e3a6f7a9e153f26b81dab4bff1e89a3656464..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost3.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth3
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br3",
- "mtu": 1400,
- "device": "veth3",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost4.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost4.yaml
deleted file mode 100644
index 9bcadd5ce9f38eab43e14d6e7c39e82a3ecc9a4c..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost4.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth4
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br4",
- "mtu": 1400,
- "device": "veth4",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost5.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost5.yaml
deleted file mode 100644
index 9048233a11e1fb9cc7261a640d6d83aafbb6b549..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost5.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth5
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br5",
- "mtu": 1400,
- "device": "veth5",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost6.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost6.yaml
deleted file mode 100644
index 9c61f064cd85ef5853ebdc974fd23045fa211f99..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost6.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth6
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br6",
- "mtu": 1400,
- "device": "veth6",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost7.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost7.yaml
deleted file mode 100644
index 301e24ed9626fa784923fae7522b6b432160256e..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost7.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth7
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br7",
- "mtu": 1400,
- "device": "veth7",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost8.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost8.yaml
deleted file mode 100644
index 315901fc18412335c483daad90f5ad568f811472..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost8.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth8
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br8",
- "mtu": 1400,
- "device": "veth8",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost9.yaml b/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost9.yaml
deleted file mode 100644
index d96bfd8fe8581bb54abad5c1c479048979cf2065..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/interfaces_definitions/vhost9.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth9
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br9",
- "mtu": 1400,
- "device": "veth9",
- "ipam": {
- "type":"static"
- }
- }'
diff --git a/L2S-M core/deployments/custom-installation/mysql/database-schema.yaml b/L2S-M core/deployments/custom-installation/mysql/database-schema.yaml
deleted file mode 100644
index c54d45f0ab6016f63dd724ae9ea8d75e1f81e3df..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/mysql/database-schema.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: mysql-schema
-data:
- init.sql: |
-
- CREATE DATABASE IF NOT EXISTS l2sm;
- USE l2sm;
-
- CREATE TABLE networks (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255) NOT NULL,
- type ENUM('vlink', 'vnet', 'ext-vnet') NOT NULL,
- UNIQUE KEY unique_network_name (name, type)
- );
-
- CREATE TABLE switches (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE neds (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- provider VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE interfaces (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255),
- pod VARCHAR(255),
- switch_id INT,
- ned_id INT,
- network_id INT,
- FOREIGN KEY (switch_id) REFERENCES switches(id),
- FOREIGN KEY (ned_id) REFERENCES neds(id),
- FOREIGN KEY (network_id) REFERENCES networks(id)
- );
-
- -- Define the one-to-many relationship between switches and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_switch_interface
- FOREIGN KEY (switch_id)
- REFERENCES switches(id);
-
- -- Define the one-to-many relationship between neds and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_ned_interface
- FOREIGN KEY (ned_id)
- REFERENCES neds(id);
-
- -- Define the many-to-one relationship between networks and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_network_interface
- FOREIGN KEY (network_id)
- REFERENCES networks(id);
diff --git a/L2S-M core/deployments/custom-installation/mysql/mysql-development.yaml b/L2S-M core/deployments/custom-installation/mysql/mysql-development.yaml
deleted file mode 100644
index 28cdf4398179f872eedb6f32e09d9fd70acb331f..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/mysql/mysql-development.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: mysql-development-pod
- labels:
- app: mysql
-spec:
- containers:
- - name: mysql
- image: mysql:5.7
- envFrom:
- - secretRef:
- name: mysql-secret
- ports:
- - containerPort: 3306
- name: mysql
- volumeMounts:
- - name: mysql-persistent-storage
- mountPath: /var/lib/mysql
- - name: initdb-volume
- mountPath: /docker-entrypoint-initdb.d
- volumes:
- - name: mysql-persistent-storage
- persistentVolumeClaim:
- claimName: mysql-pv-claim
- - name: initdb-volume
- configMap:
- name: mysql-schema
- items:
- - key: init.sql
- path: init.sql
- nodeName: l2sm1
----
-apiVersion: v1
-kind: Service
-metadata:
- name: mysql-development-service
-spec:
- type: NodePort
- ports:
- - port: 3306
- targetPort: 3306
- nodePort: 30001
- protocol: TCP
- selector:
- app: mysql
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: mysql-secret
-type: Opaque
-data:
- MYSQL_ROOT_PASSWORD: cGFzc3dvcmQ= # Base64 encoded "password"
- MYSQL_USER: bDJzbQ== # Base64 encoded "l2sm"
- MYSQL_PASSWORD: bDJzbQ== # Base64 encoded "l2sm"
- MYSQL_DATABASE: bDJzbQ==
diff --git a/L2S-M core/deployments/custom-installation/mysql/mysql-pv.yaml b/L2S-M core/deployments/custom-installation/mysql/mysql-pv.yaml
deleted file mode 100644
index 95265864d2f17f1599d353ad18ccdf7d822af377..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/mysql/mysql-pv.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: mysql-pv
- labels:
- type: local
-spec:
- storageClassName: manual
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteOnce
- hostPath:
- path: "/mnt/data"
diff --git a/L2S-M core/deployments/custom-installation/mysql/mysql-pvc.yaml b/L2S-M core/deployments/custom-installation/mysql/mysql-pvc.yaml
deleted file mode 100644
index 88ba27acf72cc0e5c7a2b5b85d01616b0d7f83b3..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/custom-installation/mysql/mysql-pvc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: mysql-pv-claim
-spec:
- storageClassName: manual
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 2Gi
diff --git a/L2S-M core/deployments/inter-cluster/inter-veths.yaml b/L2S-M core/deployments/inter-cluster/inter-veths.yaml
deleted file mode 100644
index d4ee4999cdfce1db9e2307b3aaf0e3cffaaf5212..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/inter-cluster/inter-veths.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br1",
- "mtu": 1400,
- "device": "inter-veth1"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth2
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br2",
- "mtu": 1400,
- "device": "inter-veth2"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth3
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br3",
- "mtu": 1400,
- "device": "inter-veth3"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth4
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br4",
- "mtu": 1400,
- "device": "inter-veth4"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth5
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br5",
- "mtu": 1400,
- "device": "inter-veth5"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth6
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br6",
- "mtu": 1400,
- "device": "inter-veth6"
- }'
----
-
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth7
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br7",
- "mtu": 1400,
- "device": "inter-veth7"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth8
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br8",
- "mtu": 1400,
- "device": "inter-veth8"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth9
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br9",
- "mtu": 1400,
- "device": "inter-veth9"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth10
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br10",
- "mtu": 1400,
- "device": "inter-veth10"
- }'
diff --git a/L2S-M core/deployments/inter-cluster/l2sm-network-crd.yaml b/L2S-M core/deployments/inter-cluster/l2sm-network-crd.yaml
deleted file mode 100644
index a1b75a58031a407f03a6b4f7969ea78edab8a846..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/inter-cluster/l2sm-network-crd.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: l2sm-networks.l2sm.k8s.local
-spec:
- group: l2sm.k8s.local
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- type:
- type: string
- config:
- type: string
- nullable: true
- signature:
- type: string
- nullable: true
- status:
- type: object
- properties:
- connectedPods:
- type: array
- items:
- type: string
- scope: Namespaced
- names:
- plural: l2sm-networks
- singular: l2sm-network
- kind: L2SMNetwork
- shortNames:
- - l2sm-net
diff --git a/L2S-M core/deployments/inter-cluster/ned.yaml b/L2S-M core/deployments/inter-cluster/ned.yaml
deleted file mode 100644
index 259af1173e3dc34a5944c6d7f7d3909d54543265..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/inter-cluster/ned.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: ned
- labels:
- app: l2sm
-spec:
- hostNetwork: true
- initContainers:
- - name: wait-for-l2sm-operator
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - name: mycontainer
- image: alexdecb/l2sm-switch:2.2
- command: ["sleep", "infinity"]
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeSelector:
- dedicated: master
diff --git a/L2S-M core/deployments/l2sm-deployment.yaml b/L2S-M core/deployments/l2sm-deployment.yaml
deleted file mode 100644
index 7df8024ee9e7d9c738014bb4960a6f30a0eb274b..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/l2sm-deployment.yaml
+++ /dev/null
@@ -1,505 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br1",
- "mtu": 1400,
- "device": "veth1",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth2
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br2",
- "mtu": 1400,
- "device": "veth2",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth3
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br3",
- "mtu": 1400,
- "device": "veth3",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth4
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br4",
- "mtu": 1400,
- "device": "veth4",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth5
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br5",
- "mtu": 1400,
- "device": "veth5",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth6
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br6",
- "mtu": 1400,
- "device": "veth6",
- "ipam": {
- "type":"static"
- }
- }'
----
-
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth7
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br7",
- "mtu": 1400,
- "device": "veth7",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth8
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br8",
- "mtu": 1400,
- "device": "veth8",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth9
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br9",
- "mtu": 1400,
- "device": "veth9",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth10
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br10",
- "mtu": 1400,
- "device": "veth10",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: l2sm-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: l2sm-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: l2sm-operator
- namespace: default
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: mysql-pv
- labels:
- type: local
-spec:
- storageClassName: manual
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteOnce
- hostPath:
- path: "/mnt/data"
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: mysql-pv-claim
-spec:
- storageClassName: manual
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 2Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-controller
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: l2sm-controller
- template:
- metadata:
- labels:
- app: l2sm-controller
- spec:
- containers:
- - name: l2sm-controller
- image: alexdecb/l2sm-controller:2.2
- readinessProbe:
- httpGet:
- path: /onos/ui
- port: 8181
- initialDelaySeconds: 30
- periodSeconds: 10
- ports:
- - containerPort: 6633
- - containerPort: 8181
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-controller-service
-spec:
- selector:
- app: l2sm-controller
- ports:
- - name: of13-port
- protocol: TCP
- port: 6633
- targetPort: 6633
- - name: http-port
- protocol: TCP
- port: 8181
- targetPort: 8181
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-operator
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- l2sm-component: l2sm-opt
- template:
- metadata:
- labels:
- l2sm-component: l2sm-opt
- spec:
- serviceAccountName: l2sm-operator
- initContainers:
- - name: wait-for-l2sm-controller
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-controller-service:8181/onos/ui" -o /dev/null) -ne 302 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - image: alexdecb/l2sm-operator:2.3
- name: l2sm-opt-pod
- env:
- - name: CONTROLLER_IP
- value: l2sm-controller-service
- #imagePullPolicy: Always
- - name: mysql
- image: mysql:5.7
- envFrom:
- - secretRef:
- name: mysql-secret
- ports:
- - containerPort: 3306
- name: mysql
- volumeMounts:
- - name: mysql-persistent-storage
- mountPath: /var/lib/mysql
- - name: initdb-volume
- mountPath: /docker-entrypoint-initdb.d
- volumes:
- - name: mysql-persistent-storage
- persistentVolumeClaim:
- claimName: mysql-pv-claim
- - name: initdb-volume
- configMap:
- name: mysql-schema
- items:
- - key: init.sql
- path: init.sql
- nodeSelector:
- dedicated: master
- tolerations:
- - key: dedicated
- operator: Equal
- value: master
- effect: NoSchedule
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-operator-service
-spec:
- ports:
- - protocol: TCP
- port: 8080
- targetPort: 8080
- selector:
- l2sm-component: l2sm-opt
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: mysql-schema
-data:
- init.sql: |
-
- CREATE DATABASE IF NOT EXISTS l2sm;
- USE l2sm;
-
- CREATE TABLE networks (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255) NOT NULL,
- type ENUM('vlink', 'vnet', 'ext-vnet') NOT NULL,
- UNIQUE KEY unique_network_name (name, type)
- );
-
- CREATE TABLE switches (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE neds (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- provider VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE interfaces (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255),
- pod VARCHAR(255),
- switch_id INT,
- ned_id INT,
- network_id INT,
- FOREIGN KEY (switch_id) REFERENCES switches(id),
- FOREIGN KEY (ned_id) REFERENCES neds(id),
- FOREIGN KEY (network_id) REFERENCES networks(id)
- );
-
- -- Define the one-to-many relationship between switches and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_switch_interface
- FOREIGN KEY (switch_id)
- REFERENCES switches(id);
-
- -- Define the one-to-many relationship between neds and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_ned_interface
- FOREIGN KEY (ned_id)
- REFERENCES neds(id);
-
- -- Define the many-to-one relationship between networks and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_network_interface
- FOREIGN KEY (network_id)
- REFERENCES networks(id);
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: l2sm-switch
- #namespace: kube-system
- labels:
- l2sm-component: l2sm-switch
-spec:
- selector:
- matchLabels:
- l2sm-component: l2sm-switch
- template:
- metadata:
- labels:
- l2sm-component: l2sm-switch
- annotations:
- k8s.v1.cni.cncf.io/networks: veth1, veth2, veth3, veth4, veth5, veth6, veth7, veth8, veth9, veth10
- spec:
- tolerations:
- # this toleration is to have the daemonset runnable on master nodes
- # remove it if your masters can't run pods
- - key: node-role.kubernetes.io/master
- operator: Exists
- effect: NoSchedule
- initContainers:
- - name: wait-for-l2sm-operator
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - name: l2sm-switch
- image: alexdecb/l2sm-switch:2.2
- #args: ["setup_switch.sh && sleep infinity"]
- env:
- - name: NODENAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: NVETHS
- value: "10"
- - name: CONTROLLERIP
- value: "l2sm-controller-service"
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeSelector:
- kubernetes.io/arch: amd64
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: l2sm-networks.l2sm.k8s.local
-spec:
- group: l2sm.k8s.local
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- type:
- type: string
- config:
- type: string
- nullable: true
- signature:
- type: string
- nullable: true
- status:
- type: object
- properties:
- connectedPods:
- type: array
- items:
- type: string
- scope: Namespaced
- names:
- plural: l2sm-networks
- singular: l2sm-network
- kind: L2SMNetwork
- shortNames:
- - l2sm-net
-
diff --git a/L2S-M core/deployments/vxlans.md b/L2S-M core/deployments/vxlans.md
deleted file mode 100644
index 42280ac61ec08887e019131ba8345ad16833e109..0000000000000000000000000000000000000000
--- a/L2S-M core/deployments/vxlans.md
+++ /dev/null
@@ -1,93 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# L2S-M VxLAN configuration guide
-
-In order to connect the switches between themselves, an additional configuration must be done. A configuration file specifying which nodes we want to connect and which IP addresses their switches have will be made, and then a script will be run in each **l2sm-switch**, using this configuration file.
-
- a. Create a file anywhere or use the reference in ./configs/sampleFile.json. In this installation, this file will be used as a reference.
- b. In this file, you will specify, using the template shown in the reference file, the name of the nodes in the cluster and the IP addresses of **the switches** running on them. For example:
- ```bash
- $ kubectl get pods -o wide
- >NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
- >l2sm-controller-d647b7fb5-lpp2h 1/1 Running 0 30m 10.1.14.55 l2sm1 <none> <none>
- >l2sm-operator-7d487d8468-lhgkx 2/2 Running 0 2m11s 10.1.14.56 l2sm1 <none> <none>
- >l2sm-switch-8p5td 1/1 Running 0 71s 10.1.14.58 l2sm1 <none> <none>
- >l2sm-switch-xdkvz 1/1 Running 0 71s 10.1.72.111 l2sm2 <none> <none>
-
- ```
- In this example we have two nodes: l2sm1 and l2sm2, with two switches, with IP addresses 10.1.14.58 and 10.1.72.111.
-
- We want to connect them directly, so we modify the reference file, ./configs/sampleFile.json:
-```json
-[
- {
- "name": "<NODE_SWITCH_1>",
- "nodeIP": "<IP_SWITCH_1>",
- "neighborNodes": ["<NODE_SWITCH_2>"]
- },
- {
- "name": "<NODE_SWITCH_2>",
- "nodeIP": "<IP_SWITCH_2>",
- "neighborNodes": ["<NODE_SWITCH_1>"]
- }
-]
-
-```
-Note: The parameters to be changed are shown in the NODE and IP columns of the table above.
-
-Example of how it looks:
-```json
-[
- {
- "name": "l2sm1",
- "nodeIP": "10.1.14.58",
- "neighborNodes": ["l2sm2"]
- },
- {
- "name": "l2sm2",
- "nodeIP": "10.1.72.111",
- "neighborNodes": ["l2sm1"]
- }
-]
-
-```
-Note: Any number of nodes can be configured, as long as the entry is in this file. The desired connections are under the neighborNodes field, in an array, such as this other example, where we add a neighbor to l2sm2: ["l2sm1","l2sm3"]
-
-Once this file is created, we inject it to each node using the kubectl cp command:
-
-```bash
-kubectl cp ./configs/sampleFile.json <pod-name>:/etc/l2sm/switchConfig.json
-```
-
-And then executing the script in the switch-pod:
-
-```bash
-kubectl exec -it <switch-pod-name> -- /bin/bash -c 'l2sm-vxlans --node_name=$NODENAME /etc/l2sm/switchConfig.json'
-```
-
-This must be done in each switch-pod. In the provided example, using two nodes, l2sm1 and l2sm2, we have to do it twice, in l2-ps-8p5td and l2-ps-xdkvz.
-When the exec command is done, we should see an output like this:
-
-```bash
-kubectl exec -it l2sm-switch-8p5td -- /bin/bash -c 'l2sm-vxlans --node_name=$NODENAME /etc/l2sm/switchConfig.json'
-Defaulted container "l2sm-switch" out of: l2sm-switch, wait-for-l2sm-controller (init)
-Created vxlan between node l2sm1 and node l2sm2.
-```
-
-You are all set! If you want to learn how to create virtual networks and use them in your applications, [check the following section of the repository](../examples)
diff --git a/L2S-M core/examples/cdn/cdn-server.yaml b/L2S-M core/examples/cdn/cdn-server.yaml
deleted file mode 100644
index 6677ff349b2c3abfcf7c566d4991a8ec80db2390..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/cdn/cdn-server.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: cdn-server
- labels:
- app: test4
- annotations:
- k8s.v1.cni.cncf.io/networks: v-network-1
-spec:
- containers:
- - name: server
- command: ["/bin/ash", "-c", "ip a add 10.0.1.2/24 dev net1 && ip route add 10.0.2.0/24 via 10.0.1.1 dev net1 && trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- #nodeName: test-l2sm-uc3m-polito-1
diff --git a/L2S-M core/examples/cdn/content-server.yaml b/L2S-M core/examples/cdn/content-server.yaml
deleted file mode 100644
index 1fb1852da993bab04f23cf431ff86c61b7dfa86a..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/cdn/content-server.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: content-server
-spec:
- selector:
- matchLabels:
- app: test4
- replicas: 1
- template:
- metadata:
- labels:
- app: test4
- annotations:
- k8s.v1.cni.cncf.io/networks: v-network-2
- spec:
- containers:
- - name: content-server
- image: alexdecb/video-server-test:1
- command: ["/bin/sh", "-c", "ip a add 10.0.2.2/24 dev net1 && ip route add 10.0.1.0/24 via 10.0.2.1 dev net1 && trap : TERM INT; sleep infinity & wait"]
- imagePullPolicy: Always
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- #nodeName: test-l2sm-uc3m-polito-3
diff --git a/L2S-M core/examples/cdn/router.yaml b/L2S-M core/examples/cdn/router.yaml
deleted file mode 100644
index 011b065293cdab9f5b2df6c7cdef41432a5a10c4..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/cdn/router.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: router
- labels:
- app: test4
- annotations:
- k8s.v1.cni.cncf.io/networks: v-network-1, v-network-2
-spec:
- # securityContext:
- # sysctls:
- # - name: net.ipv4.ip_forward
- # value: "1"
- containers:
- - name: router
- command: ["/bin/ash", "-c"]
- args: ["echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && sysctl -p && ip addr add 10.0.1.1/24 dev net1 && ip addr add 10.0.2.1/24 dev net2 &&
- trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- privileged: true
- capabilities:
- add: ["NET_ADMIN"]
- #nodeName: test-l2sm-uc3m-polito-2
-
diff --git a/L2S-M core/examples/cdn/v-network-1.yaml b/L2S-M core/examples/cdn/v-network-1.yaml
deleted file mode 100644
index 2162fe79d9f2bad42949e5fcfd84750e15fac37c..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/cdn/v-network-1.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: v-network-1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "l2sm",
- "device": "l2sm-vNet"
- }'
-
diff --git a/L2S-M core/examples/cdn/v-network-2.yaml b/L2S-M core/examples/cdn/v-network-2.yaml
deleted file mode 100644
index 811dbc9f4e5de8daf4d0876f1742778c8d86e402..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/cdn/v-network-2.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: v-network-2
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "l2sm",
- "device": "l2sm-vNet"
- }'
-
diff --git a/L2S-M core/examples/inter-cluster/inter-network.yaml b/L2S-M core/examples/inter-cluster/inter-network.yaml
deleted file mode 100644
index 064b8460007611fd1262c2340cbf49913ddd880b..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/inter-cluster/inter-network.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: l2sm.k8s.local/v1
-kind: L2SMNetwork
-metadata:
- name: spain-network
-spec:
- type: inter-vnet
- config: |
- {
- "provider": {
- "name": "uc3m",
- "domain": "idco.uc3m.es"
- },
- "accessList": ["public-key-1", "public-key-2"]
- }
- signature: sxySO0jHw4h1kcqO/LMLDgOoOeH8dOn8vZWv4KMBq0upxz3lcbl+o/36JefpEwSlBJ6ukuKiQ79L4rsmmZgglk6y/VL54DFyLfPw9RJn3mzl99YE4qCaHyEBANSw+d5hPaJ/I8q+AMtjrYpglMTRPf0iMZQMNtMd0CdeX2V8aZOPCQP75PsZkWukPdoAK/++y1vbFQ6nQKagvpUZfr7Ecb4/QY+hIAzepm6N6lNiFNTgj6lGTrFK0qCVfRhMD+vXbBP6xzZjB2N1nIheK9vx7kvj3HORjZ+odVMa+AOU5ShSKpzXTvknrtcRTcWWmXPNUZLoq5k3U+z1g1OTFcjMdQ====
diff --git a/L2S-M core/examples/ping-pong/network.yaml b/L2S-M core/examples/ping-pong/network.yaml
deleted file mode 100644
index bd50563be77b5b8930ca3052fa0239a9890f5940..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/ping-pong/network.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: l2sm.l2sm.k8s.local/v1
-kind: L2SMNetwork
-metadata:
- name: ping-network
-spec:
- type: vnet
diff --git a/L2S-M core/examples/ping-pong/ping.yaml b/L2S-M core/examples/ping-pong/ping.yaml
deleted file mode 100644
index 355de9c31f969b4e8d6d4e2e40f8cd3247ed5b42..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/ping-pong/ping.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: ping
- labels:
- app: ping-pong
- annotations:
- l2sm/networks: '[{"name": "ping-network", "ips":["192.168.1.6/24"]}]'
-
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- nodeName: l2sm1
diff --git a/L2S-M core/examples/ping-pong/pong.yaml b/L2S-M core/examples/ping-pong/pong.yaml
deleted file mode 100644
index 91a2fc22e4053197a112ea8c38a4100f20e0014a..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/ping-pong/pong.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Pod
-metadata:
- name: pong
- labels:
- app: ping-pong
- annotations:
- l2sm/networks: ping-network
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- #nodeName: workerk8s
diff --git a/L2S-M core/examples/ping-pong/vlink-pingpong.md b/L2S-M core/examples/ping-pong/vlink-pingpong.md
deleted file mode 100644
index dfa95f67f13957f1965f9ffda578b73d7cd7bf04..0000000000000000000000000000000000000000
--- a/L2S-M core/examples/ping-pong/vlink-pingpong.md
+++ /dev/null
@@ -1,138 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# Vlink 'ping-pong' example
-
-## Introduction
-
-This document provides a guide for L2S-M users. It focuses on creating a virtual link (`vlink`) network and managing traffic flows between pods across different nodes using L2S-M components.
-
-## Prerequisites
-- A Kubernetes cluster
-- Multus CNI installed
-- L2S-M and all of its components deployed
-
-## Overview of Components
-- **L2S-M Operator**: A Kubernetes operator that listens for Kubernetes events and manages network configurations programmatically. It interacts with the L2S-M Controller and uses a database to store network configurations and state.
-- **L2S-M Controller**: An SDN controller based on ONOS, leveraging OpenFlow 1.3 to communicate with L2S-M Switches and manage network flows.
-- **L2S-M Switch**: Pods that facilitate traffic flows as per the L2S-M Controller's instructions, ensuring isolated and direct connectivity between specific pods.
-
-
-## Creating a Vlink Network
-
-The first step involves creating a `vlink` network, named "vlink-sample", using our L2SMNetwork CRD. This network facilitates direct, isolated communication between pods across different nodes, through custom paths.
-
-
-```yaml
-apiVersion: l2sm.k8s.local/v1
-kind: L2SMNetwork
-metadata:
- name: vlink-sample
-spec:
- type: vlink
- config: |
- {
- "overlay-parameters": {
- "path": {
- "name": "first-path",
- "FromEndpoint": "node-a",
- "ToEndpoint": "node-e",
- "links": ["link-ac","link-cd","link-de"],
- "capabilities": {
- "bandwidthBits": "20M",
- "latencyNanos": "8e5"
- }
- },
- "reverse-path": {
- "name": "second-path",
- "fromEndpoint": "node-e",
- "toEndpoint": "node-a",
- "links": ["link-ed","link-db","link-ba"]
- }
- }
- }
-```
-
-### Process Overview
-
-1. **Vlink Creation**: Deploy the `vlink-sample` YAML configuration to define the vlink network.
-2. **L2SM Operator Activation**: Upon recognizing the new network configuration, the L2SM operator initiates, contacting the L2SM controller. This process includes saving the network path information for future use.
-3. **L2SM Controller**: The controller is informed about the new network but does not initiate traffic flow immediately. It waits for pods to be connected to the network.
-
-## Deploying Pods with Network Annotations
-
-Deployment involves creating pods with specific annotations to connect them to the `vlink-sample` network. This section explains how PodA and PodB are deployed and managed within the network.
-
-### Deploying pod 'ping'
-
-```yaml
-apiVersion: v1
-kind: Pod
-metadata:
- name: ping
- labels:
- app: ping-pong
- annotations:
- l2sm/networks: '[
- { "name": "vlink-sample",
- "ips": ["192.168.1.2/24"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeName: NodeA
-```
-
-- **Pod Configuration**: Pod 'ping' is defined with the `vlink-sample` annotation and an "ips" argument specifying its IP address. If no IP is specified, the connection defaults to layer 2.
-- **Connection to L2SM-Switch**: Pod 'ping' is attached via Multus to an L2S.M component known as the l2sm-switch, controlled by the L2S-M controller. This grants 'ping' two network interfaces: the default (provided by Flannel or Calico) and the new vlink interface.
-
-
-### Deploying PodB
-
-```yaml
-apiVersion: v1
-kind: Pod
-metadata:
- name: pong
- labels:
- app: ping-pong
- annotations:
- l2sm/networks: '[
- { "name": "vlink-sample",
- "ips": ["192.168.1.3/24"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeName: NodeE
-```
-
-- **Node Placement**: Pod 'pong' is created on NodeE with the `vlink-sample` network annotation but uses a different IP address than pod 'ping'.
-- **Network Connectivity**: The L2SM controller then establishes the necessary intents and flows, ensuring traffic between 'ping' and 'pong' traverses the predefined nodes. This setup guarantees direct, isolated connectivity between the two pods.
-
-
diff --git a/L2S-M core/src/controller/l2sm-controller-app-1.0.oar b/L2S-M core/src/controller/l2sm-controller-app-1.0.oar
deleted file mode 100644
index 9095cb99c82309d3b217c60ed8e60623d6e10b87..0000000000000000000000000000000000000000
Binary files a/L2S-M core/src/controller/l2sm-controller-app-1.0.oar and /dev/null differ
diff --git a/L2S-M core/src/controller/setup_controller.sh b/L2S-M core/src/controller/setup_controller.sh
deleted file mode 100644
index 8fa7d23b7773b801b5c58d61977b1e6b726d7860..0000000000000000000000000000000000000000
--- a/L2S-M core/src/controller/setup_controller.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-
-# turn on bash's job control
-set -m
-
-# Start the onos server and put it on the background
-./bin/onos-service server &
-
-sleep 10
-
-while true; do
- response=$(wget --spider --server-response http://localhost:8181/onos/ui 2>&1)
- status_codes=$(echo "$response" | awk '/HTTP\/1.1/{print $2}')
-
- if echo "$status_codes" | grep -q "200"; then
- echo "Starting the configuration"
- break
- fi
-
- sleep 10
-done
-
-
-# Start the configuration
-
-./bin/onos-app localhost activate org.onosproject.drivers
-./bin/onos-app localhost activate org.onosproject.lldpprovider
-./bin/onos-app localhost activate org.onosproject.openflow-base
-./bin/onos-app localhost activate org.onosproject.optical-model
-./bin/onos-app localhost install! l2sm-controller-app-1.0.oar
-
-
-
-# now we bring the server into the foreground
-fg %1
\ No newline at end of file
diff --git a/L2S-M core/src/operator/l2sm-operator.py b/L2S-M core/src/operator/l2sm-operator.py
deleted file mode 100644
index d6347f588ee9d836de2dee2259189af32ac25b92..0000000000000000000000000000000000000000
--- a/L2S-M core/src/operator/l2sm-operator.py
+++ /dev/null
@@ -1,513 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-import kopf
-import os
-import sys
-import json
-import subprocess
-import secrets
-import kubernetes
-from subprocess import CalledProcessError
-from random import randrange
-from kubernetes import client, config
-from kubernetes.client import CustomObjectsApi
-import pymysql
-import random
-import time
-import requests
-import re
-import sys
-from requests.auth import HTTPBasicAuth
-
-database_ip = os.environ['DATABASE_IP']
-database_username = os.environ['MYSQL_USER']
-database_password = os.environ['MYSQL_PASSWORD']
-database_name = os.environ['MYSQL_DATABASE']
-
-base_controller_url = 'http://' + os.environ['CONTROLLER_IP'] + ':8181' + '/onos/v1'
-
-print(base_controller_url)
-print(database_ip)
-
-def begin_session_controller(base_controller_url,username,password):
-
- # Create a session with basic authentication
- auth = HTTPBasicAuth(username, password)
-
- session = requests.Session()
- session.auth = auth
-
- #Check if connection is possible
- response = session.get(base_controller_url + '/l2sm/networks/status')
- if response.status_code == 200:
- # Successful request
- print("Initialized session between operator and controller.")
- return session
- else:
- print("Could not initialize session with l2sm-controller")
- sys.exit()
-
-
-
-session = begin_session_controller(base_controller_url,"karaf","karaf")
-
-def get_openflow_id(node_name):
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- switch_query = "SELECT id, openflowId, ip FROM switches WHERE node_name = %s"
- cursor.execute(switch_query, (node_name,))
- switch_record = cursor.fetchone()
-
- print(switch_record)
- if switch_record is not None:
- switchId = switch_record['openflowId']
-
- if switchId is not None:
- return switchId # If openflowId is already set, return it
-
- # If openflowId is not set, make a request to get the information from the API
- response = session.get(base_controller_url + '/devices')
- devices = response.json().get('devices', [])
-
- for device in devices:
- if 'id' in device and 'annotations' in device and 'managementAddress' in device['annotations']:
- if device['annotations']['managementAddress'] == switch_record['ip']:
- openflowId = device['id']
- switchId = openflowId
-
- # Save the openflowId in the database
- updateQuery = "UPDATE switches SET openflowId = %s WHERE id = %s"
- cursor.execute(updateQuery, (openflowId, switch_record['id']))
- connection.commit()
-
- return switchId # Return the openflowId
- connection.commit()
- finally:
- connection.close()
-
- return None # Return None if no matching device is found
-
-#POPULATE DATABASE ENTRIES WHEN A NEW L2SM SWITCH IS CREATED (A NEW NODE APPEARS)
-@kopf.on.create('pods.v1', labels={'l2sm-component': 'l2sm-switch'})
-def build_db(body, logger, annotations, **kwargs):
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- if 'spec' in body and 'nodeName' in body['spec']:
- try:
- with connection.cursor() as cursor:
- # Step 1: Check if the switch already exists
- select_switch_sql = "SELECT id FROM switches WHERE node_name = %s;"
- cursor.execute(select_switch_sql, body['spec']['nodeName'])
- result = cursor.fetchone()
-
- if result:
- # Switch exists, so update it (if needed)
- switch_id = result['id']
- # Example update (modify as needed)
- # update_switch_sql = "UPDATE switches SET openflowId = %s, IP = %s WHERE id = %s;"
- # cursor.execute(update_switch_sql, (newOpenflowId, newIP, switch_id))
- else:
- # Step 2: Insert a switch since it doesn't exist
- insert_switch_sql = "INSERT INTO switches (node_name, openflowId, IP) VALUES (%s, NULL, NULL);"
- cursor.execute(insert_switch_sql, body['spec']['nodeName'])
- switch_id = cursor.lastrowid
- # Step 3: Insert interfaces
- for i in range(1, 11):
- interface_name = f"veth{i}"
- # Consider adding a check here to see if the interface already exists for the switch
- insert_interface_sql = "INSERT INTO interfaces (name, switch_id) VALUES (%s, %s);"
- cursor.execute(insert_interface_sql, (interface_name, switch_id))
-
- # Commit the changes
- connection.commit()
- finally:
- connection.close()
- logger.info(f"Node {body['spec']['nodeName']} has been registered in the operator")
- else:
- raise kopf.TemporaryError("The Pod is not yet ready", delay=5)
-
-@kopf.on.field('pods.v1', labels={'l2sm-component': 'l2sm-switch'}, field='status.podIP')
-def update_db(body, logger, annotations, **kwargs):
- if 'status' in body and 'podIP' in body['status']:
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- updateQuery = "UPDATE switches SET ip = '%s', OpenFlowId = NULL WHERE node_name = '%s'" % (body['status']['podIP'], body['spec']['nodeName'])
- cursor.execute(updateQuery)
- connection.commit()
- finally:
- connection.close()
- logger.info(f"Updated switch ip")
-
-
-#UPDATE DATABASE WHEN NETWORK IS CREATED, I.E: IS A MULTUS CRD WITH OUR L2SM INTERFACE PRESENT IN ITS CONFIG
-#@kopf.on.create('NetworkAttachmentDefinition', field="spec.config['device']", value='l2sm-vNet')
-@kopf.on.create('l2sm.l2sm.k8s.local', 'v1', 'l2smnetworks')
-def create_vn(spec, name, namespace, logger, **kwargs):
-
- # Database connection setup
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- # Start database transaction
- with connection.cursor() as cursor:
- sql = "INSERT INTO networks (name, type) VALUES (%s, %s) ON DUPLICATE KEY UPDATE name = VALUES(name), type = VALUES(type)"
- cursor.execute(sql, (name.strip(), spec['type']))
- connection.commit()
-
- except Exception as e:
- # Roll back the database transaction in case of any error
- connection.rollback()
- logger.error(f"An error occurred: {e}. Rolled back the database transaction.")
- finally:
- # Ensure the database connection is closed
- connection.close()
-
-
-
-@kopf.on.create('pods.v1', annotations={'l2sm/networks': kopf.PRESENT})
-def pod_vn(body, name, namespace, logger, annotations, **kwargs):
- """Assign Pod to a network if a specific annotation is present."""
-
- #time.sleep(random.uniform(0,0.8)) # Avoid database overlap by introducing a random sleep time
-
- multus_networks = extract_multus_networks(annotations)
- if not multus_networks:
- logger.info("No Multus networks specified. Exiting.")
- return
-
- existing_networks = get_existing_networks(namespace)
- # Need to extract just the names from multus_networks for comparison
- target_networks_info = filter_target_networks([net['name'] for net in multus_networks], existing_networks)
- if not target_networks_info:
- logger.info("No target networks found. Letting Multus handle the network assignment.")
- return
-
- # Update `target_networks` to include IP information if available
- target_networks = [net for net in multus_networks if net['name'] in target_networks_info]
-
- api = CustomObjectsApi()
- # Assign pods to each of the target networks, this part remains unchanged
- for network in target_networks:
- update_network(network['name'], name, namespace, api)
-
- if 'spec' in body and 'nodeName' in body['spec']:
- node_name = body['spec']['nodeName']
- free_interfaces = get_free_interfaces(node_name)
- if len(free_interfaces) < len(target_networks):
- raise kopf.PermanentError(f"Node {node_name} has no free interfaces left")
-
- openflow_id = get_openflow_id(node_name)
- # Now pass the full network info including IPs if present
- update_network_assignments(name, namespace, node_name, free_interfaces, target_networks, logger, openflow_id)
- else:
- raise kopf.TemporaryError("The Pod is not yet ready", delay=1)
-
-def update_network(l2sm_network_name,pod_name,namespace,api):
- l2sm_network = api.get_namespaced_custom_object(
- group="l2sm.l2sm.k8s.local",
- version="v1",
- namespace=namespace,
- plural="l2smnetworks",
- name=l2sm_network_name,
- )
- connected_pods = l2sm_network.get('status', {}).get('connectedPods', [])
- if pod_name not in connected_pods:
- connected_pods.append(pod_name)
- patch = {'status': {'connectedPods': connected_pods}}
- # Apply the patch to the L2SMNetwork
-
- api.patch_namespaced_custom_object(
- group="l2sm.l2sm.k8s.local",
- version="v1",
- namespace=namespace,
- plural="l2smnetworks",
- name=l2sm_network_name,
- body=patch
- )
- print(f"Updated L2SMNetwork {l2sm_network_name} with connected Pod {pod_name}")
-
-def remove_from_network(l2sm_network_name,pod_name,namespace,api):
- l2sm_network = api.get_namespaced_custom_object(
- group="l2sm.l2sm.k8s.local",
- version="v1",
- namespace=namespace,
- plural="l2smnetworks",
- name=l2sm_network_name,
- )
- connected_pods = l2sm_network.get('status', {}).get('connectedPods', [])
- if pod_name in connected_pods:
- connected_pods.remove(pod_name)
- patch = {'status': {'connectedPods': connected_pods}}
- # Apply the patch to the L2SMNetwork
-
- api.patch_namespaced_custom_object(
- group="l2sm.l2sm.k8s.local",
- version="v1",
- namespace=namespace,
- plural="l2smnetworks",
- name=l2sm_network_name,
- body=patch
- )
- print(f"Updated L2SMNetwork {l2sm_network_name} with disconnected Pod {pod_name}")
-
-
-
-
-def extract_multus_networks(annotations):
- """Extract and return Multus networks from annotations."""
- annotation = annotations.get('l2sm/networks')
- if annotation.startswith('['): # New JSON format
- try:
- networks = json.loads(annotation)
- return [{ 'name': net['name'], 'ips': net.get('ips', []) } for net in networks]
- except json.JSONDecodeError:
- raise ValueError("Failed to decode JSON from annotations")
- else: # Original string format
- return [{'name': network.strip(), 'ips': []} for network in annotation.split(",")]
-
-
-def get_existing_networks(namespace):
- """Return existing networks in the namespace."""
- api = client.CustomObjectsApi()
- networks = api.list_namespaced_custom_object('l2sm.l2sm.k8s.local', 'v1', namespace, 'l2smnetworks').get('items')
- return [network['metadata']['name'] for network in networks if "vnet" in network['spec']['type']]
-
-def filter_target_networks(multus_networks, existing_networks):
- """Filter and return networks that are both requested and exist."""
- return [network for network in multus_networks if network in existing_networks]
-
-def get_free_interfaces(node_name):
- """Query the database for free interfaces on a node."""
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- sql = """
- SELECT i.id, i.name
- FROM interfaces i
- JOIN switches s ON i.switch_id = s.id
- WHERE i.network_id IS NULL AND s.node_name = %s;
- """
- cursor.execute(sql, (node_name.strip(),))
- free_interfaces = cursor.fetchall()
- finally:
- connection.close()
- return free_interfaces
-
-def update_pod_annotation(pod_name, namespace, networks_info):
- """Update the Pod's annotation with assigned networks and optional IPs."""
- v1 = client.CoreV1Api()
- pod = v1.read_namespaced_pod(pod_name, namespace)
- pod_annotations = pod.metadata.annotations or {}
- # Format the annotations based on whether IPs are provided
- formatted_networks = []
- for network_info in networks_info:
- if not network_info.get('ips'):
- network_info['ips'] = [generate_random_ipv6_fe80()] # Ensure this is a list
- formatted_networks.append(json.dumps(network_info)) # Convert dict to a JSON string
-
- pod_annotations['k8s.v1.cni.cncf.io/networks'] = '[' + ', '.join(formatted_networks) + ']'
- print(pod_annotations)
- v1.patch_namespaced_pod(pod_name, namespace, {'metadata': {'annotations': pod_annotations}})
-
-
-def update_network_assignments(pod_name, namespace, node_name, free_interfaces, target_networks, logger, openflow_id):
- """Update the network assignments in the database and controller."""
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- assigned_interfaces = []
- with connection.cursor() as cursor:
- for i, interface in enumerate(free_interfaces[:len(target_networks)]):
- update_interface_assignment(cursor, interface['id'], target_networks[i]['name'], pod_name, node_name)
- assigned_interfaces.append({"name":interface['name'], "ips": target_networks[i]['ips']})
- # Assuming function get_openflow_id and session.post logic are implemented elsewhere
- if openflow_id:
- port_number = extract_port_number(interface['name'])
- post_network_assignment(openflow_id, port_number, target_networks[i]['name'])
-
- update_pod_annotation(pod_name, namespace, assigned_interfaces)
-
- connection.commit()
- finally:
- connection.close()
- logger.info(f"Pod {pod_name} attached to networks {', '.join(network['name'] for network in target_networks)}")
-
-# Assuming these functions are implemented as per original logic
-def update_interface_assignment(cursor, interface_id, network_name, pod_name, node_name):
- """Update a single interface's network assignment in the database."""
- # First, find the network_id from the network name
- cursor.execute("SELECT id FROM networks WHERE name = %s", (network_name,))
- network = cursor.fetchone()
- if network is None:
- raise ValueError(f"Network {network_name} does not exist")
- network_id = network['id']
-
- # Update the interface with the network_id and pod name
- sql = """
- UPDATE interfaces
- SET pod = %s, network_id = %s
- WHERE id = %s;
- """
- cursor.execute(sql, (pod_name, network_id, interface_id))
-
-def extract_port_number(interface_name):
- """Extract and return the port number from an interface name."""
- return int(re.search(r'\d+$', interface_name).group())
-
-def post_network_assignment(openflow_id, port_number, network_name):
- """Post network assignment to the controller."""
- payload = {
- "networkId": network_name,
- "networkEndpoints": [f"{openflow_id}/{port_number}"]
- }
- response = session.post(f"{base_controller_url}/l2sm/networks/port", json=payload)
- if response.status_code != 204:
- raise Exception(f"Network assignment failed with status code: {response.status_code}")
-
-
-
-#UPDATE DATABASE WHEN POD IS DELETED
-@kopf.on.delete('pods.v1', annotations={'l2sm/networks': kopf.PRESENT})
-def dpod_vn(body, name, namespace, logger, annotations, **kwargs):
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- sql = "UPDATE interfaces SET network_id = NULL, pod = NULL WHERE pod = '%s'" % (name)
- cursor.execute(sql)
-
- connection.commit()
- multus_networks = extract_multus_networks(annotations)
- if not multus_networks:
- logger.info("No Multus networks specified. Exiting.")
- return
-
- existing_networks = get_existing_networks(namespace)
- # Need to extract just the names from multus_networks for comparison
- target_networks_info = filter_target_networks([net['name'] for net in multus_networks], existing_networks)
- if not target_networks_info:
- logger.info("No target networks found. Letting Multus handle the network assignment.")
- return
-
- # Update `target_networks` to include IP information if available
- target_networks = [net for net in multus_networks if net['name'] in target_networks_info]
-
- api = CustomObjectsApi()
- # Assign pods to each of the target networks
- for network in target_networks:
- update_network(network['name'], name, namespace, api)
- finally:
- connection.close()
- logger.info(f"Pod {name} removed")
-
-#UPDATE DATABASE WHEN NETWORK IS DELETED
-@kopf.on.delete('l2sm.l2sm.k8s.local', 'v1', 'l2smnetworks')
-def delete_vn(spec, name, logger, **kwargs):
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- # First, set network_id to NULL in interfaces for the network being deleted
- update_interfaces_sql = """
- UPDATE interfaces
- SET network_id = NULL
- WHERE network_id = (SELECT id FROM networks WHERE name = %s AND type = %s);
- """
- cursor.execute(update_interfaces_sql, (name,spec['type']))
-
- # Then, delete the network from networks table
- delete_network_sql = "DELETE FROM networks WHERE name = %s AND type = %s;"
- cursor.execute(delete_network_sql, (name,spec['type']))
-
-
-
-
- connection.commit()
- finally:
- connection.close()
- logger.info(f"Network {name} removed")
-
-#DELETE DATABASE ENTRIES WHEN A NEW L2SM SWITCH IS DELETED (A NEW NODE GETS OUT OF THE CLUSTER)
-@kopf.on.delete('pods.v1', labels={'l2sm-component': 'l2sm-switch'})
-def remove_node(body, logger, annotations, **kwargs):
- connection = pymysql.connect(host=database_ip,
- user=database_username,
- password=database_password,
- database=database_name,
- cursorclass=pymysql.cursors.DictCursor)
- try:
- with connection.cursor() as cursor:
- sql = """
- DELETE FROM interfaces
- WHERE switch_id = (SELECT id FROM switches WHERE node_name = %s);
- """
- switchSql = "DELETE FROM switches WHERE node_name = %s;"
- cursor.execute(sql,body['spec']['nodeName'])
- cursor.execute(switchSql,body['spec']['nodeName'])
- connection.commit()
- finally:
- connection.close()
- logger.info(f"Node {body['spec']['nodeName']} has been deleted from the cluster")
-
-
-def generate_random_ipv6_fe80():
- # IPv6 FE80::/64 starts with '1111 1110 10' and 54 bits of 0s
- # So we can fix the first 10 bits as '1111 1110 10'
- # Then we generate the last 64 bits randomly for the interface ID
- # Since IPv6 addresses are represented in hexadecimal, we convert the binary values to hexadecimal
-
-
- # Generating the interface ID (64 bits)
- interface_id = random.getrandbits(64)
- # Formatting to a 16 character hexadecimal string
- interface_id_hex = format(interface_id, '016x')
-
- # Constructing the full IPv6 address in the fe80::/64 range
- ipv6_address = f"fe80::{interface_id_hex[:4]}:{interface_id_hex[4:8]}:{interface_id_hex[8:12]}:{interface_id_hex[12:]}/64"
-
- return ipv6_address
-
diff --git a/L2S-M core/src/operator/requirements.txt b/L2S-M core/src/operator/requirements.txt
deleted file mode 100644
index 35b034981f1c140422b732834fbd49b870e892fd..0000000000000000000000000000000000000000
--- a/L2S-M core/src/operator/requirements.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-kopf==1.37.0
-kubernetes==28.1.0
-PyMySQL==1.1.0
-requests==2.25.1
diff --git a/L2S-M core/src/switch/cmd/l2sm-init/main.go b/L2S-M core/src/switch/cmd/l2sm-init/main.go
deleted file mode 100644
index eabd56aa084f2384567cd45a1c8f5db801050d44..0000000000000000000000000000000000000000
--- a/L2S-M core/src/switch/cmd/l2sm-init/main.go
+++ /dev/null
@@ -1,112 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package main
-
-import (
- "errors"
- "flag"
- "fmt"
- "os/exec"
- "regexp"
-)
-
-// Script that takes two required arguments:
-// the first one is the name in the cluster of the node where the script is running
-// the second one is the path to the configuration file, in reference to the code.
-func main() {
-
- vethNumber, controllerIP, err := takeArguments()
-
- if err != nil {
- fmt.Println("Error with the arguments. Error:", err)
- return
- }
-
- fmt.Println("Initializing switch, connected to controller: ", controllerIP)
- err = initializeSwitch(controllerIP)
-
- if err != nil {
- fmt.Println("Could not initialize switch. Error:", err)
- return
- }
-
- fmt.Println("Switch initialized and connected to the controller.")
-
- // Set all virtual interfaces up, and connect them to the tunnel bridge:
- for i := 1; i <= vethNumber; i++ {
- veth := fmt.Sprintf("net%d", i)
- cmd := exec.Command("ip", "link", "set", veth, "up") // i.e: ip link set veth1 up
- if err := cmd.Run(); err != nil {
- fmt.Println("Error:", err)
- }
- exec.Command("ovs-vsctl", "add-port", "brtun", veth).Run() // i.e: ovs-vsctl add-port brtun veth1
- }
-}
-
-func takeArguments() (int, string, error) {
-
- vethNumber := flag.Int("n_veths", 0, "number of pod interfaces that are going to be attached to the switch")
- controllerIP := flag.String("controller_ip", "", "ip where the SDN controller is listening using the OpenFlow13 protocol. Required")
-
- flag.Parse()
-
- switch {
- case *controllerIP == "":
- return 0, "", errors.New("controller IP is not defined")
- }
-
- return *vethNumber, *controllerIP, nil
-}
-
-func initializeSwitch(controllerIP string) error {
-
- re := regexp.MustCompile(`\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b`)
- if !re.MatchString(controllerIP) {
- out, _ := exec.Command("host", controllerIP).Output()
- controllerIP = re.FindString(string(out))
- }
-
- var err error
-
- err = exec.Command("ovs-vsctl", "add-br", "brtun").Run()
-
- if err != nil {
- return errors.New("could not create brtun interface")
- }
-
- err = exec.Command("ip", "link", "set", "brtun", "up").Run()
-
- if err != nil {
- return errors.New("could not set brtun interface up")
- }
-
- err = exec.Command("ovs-vsctl", "set", "bridge", "brtun", "protocols=OpenFlow13").Run()
-
- if err != nil {
- return errors.New("could not set brtun messaing protocol to OpenFlow13")
- }
-
- target := fmt.Sprintf("tcp:%s:6633", controllerIP)
-
- err = exec.Command("ovs-vsctl", "set-controller", "brtun", target).Run()
-
- if err != nil {
- return errors.New("could not connect to controller")
- }
- return nil
-}
diff --git a/L2S-M core/src/switch/cmd/l2sm-vxlans/main.go b/L2S-M core/src/switch/cmd/l2sm-vxlans/main.go
deleted file mode 100644
index 4fc5c6e02d7541b03c3de43475c41c5d6dd7a53b..0000000000000000000000000000000000000000
--- a/L2S-M core/src/switch/cmd/l2sm-vxlans/main.go
+++ /dev/null
@@ -1,127 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package main
-
-import (
- "encoding/json"
- "errors"
- "flag"
- "fmt"
- "io/ioutil"
- "os"
- "os/exec"
- "strings"
-)
-
-type Node struct {
- Name string `json:"name"`
- NodeIP string `json:"nodeIP"`
- NeighborNodes []string `json:"neighborNodes"`
-}
-
-// Script that takes two required arguments:
-// the first one is the name in the cluster of the node where the script is running
-// the second one is the path to the configuration file, in reference to the code.
-func main() {
-
- configDir, nodeName, err := takeArguments()
-
- if err != nil {
- fmt.Println("Error with the arguments. Error:", err)
- return
- }
-
- err = createVxlans(configDir, nodeName)
-
- if err != nil {
- fmt.Println("Vxlans not created: ", err)
- return
- }
-}
-
-func takeArguments() (string, string, error) {
- configDir := os.Args[len(os.Args)-1]
-
- nodeName := flag.String("node_name", "", "name of the node the script is executed in. Required.")
-
- flag.Parse()
-
- switch {
- case *nodeName == "":
- return "", "", errors.New("node name is not defined")
- case configDir == "":
- return "", "", errors.New("config directory is not defined")
- }
-
- return configDir, *nodeName, nil
-}
-
-func createVxlans(configDir, nodeName string) error {
-
- /// Read file and save in memory the JSON info
- data, err := ioutil.ReadFile(configDir)
- if err != nil {
- fmt.Println("No input file was found.", err)
- return err
- }
-
- var nodes []Node
- err = json.Unmarshal(data, &nodes)
- if err != nil {
- return err
- }
-
- // Search for the corresponding node in the configuration, according to the first passed parameter.
- // Once the node is found, create a bridge for every neighbour node defined.
- // The bridge is created with the nodeIp and neighborNodeIP and VNI. The VNI is generated in the l2sm-controller thats why its set to 'flow'.
- for _, node := range nodes {
- if node.Name == nodeName {
- nodeIP := strings.TrimSpace(node.NodeIP)
- for _, neighbor := range node.NeighborNodes {
- vxlanNumber := 1
- for _, n := range nodes {
- if n.Name == neighbor {
- neighborIP := strings.TrimSpace(n.NodeIP)
- commandArgs := []string{
- "add-port",
- "brtun",
- fmt.Sprintf("vxlan%d", vxlanNumber),
- "--",
- "set", "interface",
- fmt.Sprintf("vxlan%d", vxlanNumber),
- "type=vxlan",
- "options:key=flow",
- fmt.Sprintf("options:remote_ip=%s", neighborIP),
- fmt.Sprintf("options:local_ip=%s", nodeIP),
- "options:dst_port=7000",
- }
- _, err := exec.Command("ovs-vsctl", commandArgs...).Output()
- if err != nil {
- return fmt.Errorf("could not create vxlan between node %s and node %s", node.Name, neighbor)
- } else {
- fmt.Printf("Created vxlan between node %s and node %s.\n", node.Name, neighbor)
- }
- }
- vxlanNumber++
- }
-
- }
- }
- }
- return nil
-}
diff --git a/L2S-M core/src/switch/go.mod b/L2S-M core/src/switch/go.mod
deleted file mode 100644
index b16f0d7c546947c98f70a639319ede91c44120c8..0000000000000000000000000000000000000000
--- a/L2S-M core/src/switch/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module app
-
-go 1.18
diff --git a/L2S-M core/src/switch/setup_switch.sh b/L2S-M core/src/switch/setup_switch.sh
deleted file mode 100644
index 8f8eb59291af5d60d129ccc931c4dc1aed2524d6..0000000000000000000000000000000000000000
--- a/L2S-M core/src/switch/setup_switch.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-
-ovsdb-server --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
-
-ovs-vsctl --db=unix:/var/run/openvswitch/db.sock --no-wait init
-
-ovs-vswitchd --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
-
-l2sm-init --n_veths=$NVETHS --controller_ip=$CONTROLLERIP
-
-#l2sm-vxlans --node_name=$NODENAME /etc/l2sm/switchConfig.json
-sleep infinity
diff --git a/L2S-M core/src/switch/vswitch.ovsschema b/L2S-M core/src/switch/vswitch.ovsschema
deleted file mode 100644
index 2d395ff952cf4ccd575701dc8d9fbaa9e8f4fdd9..0000000000000000000000000000000000000000
--- a/L2S-M core/src/switch/vswitch.ovsschema
+++ /dev/null
@@ -1,731 +0,0 @@
-{"name": "Open_vSwitch",
- "version": "8.4.0",
- "cksum": "2738838700 27127",
- "tables": {
- "Open_vSwitch": {
- "columns": {
- "datapaths": {
- "type": {"key": {"type": "string"},
- "value": {"type": "uuid",
- "refTable": "Datapath"},
- "min": 0, "max": "unlimited"}},
- "bridges": {
- "type": {"key": {"type": "uuid",
- "refTable": "Bridge"},
- "min": 0, "max": "unlimited"}},
- "manager_options": {
- "type": {"key": {"type": "uuid",
- "refTable": "Manager"},
- "min": 0, "max": "unlimited"}},
- "ssl": {
- "type": {"key": {"type": "uuid",
- "refTable": "SSL"},
- "min": 0, "max": 1}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "next_cfg": {
- "type": "integer"},
- "cur_cfg": {
- "type": "integer"},
- "statistics": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "ovs_version": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "db_version": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "system_type": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "system_version": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "datapath_types": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": "unlimited"}},
- "iface_types": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": "unlimited"}},
- "dpdk_initialized": {
- "type": "boolean"},
- "dpdk_version": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}}},
- "isRoot": true,
- "maxRows": 1},
- "Bridge": {
- "columns": {
- "name": {
- "type": "string",
- "mutable": false},
- "datapath_type": {
- "type": "string"},
- "datapath_version": {
- "type": "string"},
- "datapath_id": {
- "type": {"key": "string", "min": 0, "max": 1},
- "ephemeral": true},
- "stp_enable": {
- "type": "boolean"},
- "rstp_enable": {
- "type": "boolean"},
- "mcast_snooping_enable": {
- "type": "boolean"},
- "ports": {
- "type": {"key": {"type": "uuid",
- "refTable": "Port"},
- "min": 0, "max": "unlimited"}},
- "mirrors": {
- "type": {"key": {"type": "uuid",
- "refTable": "Mirror"},
- "min": 0, "max": "unlimited"}},
- "netflow": {
- "type": {"key": {"type": "uuid",
- "refTable": "NetFlow"},
- "min": 0, "max": 1}},
- "sflow": {
- "type": {"key": {"type": "uuid",
- "refTable": "sFlow"},
- "min": 0, "max": 1}},
- "ipfix": {
- "type": {"key": {"type": "uuid",
- "refTable": "IPFIX"},
- "min": 0, "max": 1}},
- "controller": {
- "type": {"key": {"type": "uuid",
- "refTable": "Controller"},
- "min": 0, "max": "unlimited"}},
- "protocols": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["OpenFlow10",
- "OpenFlow11",
- "OpenFlow12",
- "OpenFlow13",
- "OpenFlow14",
- "OpenFlow15"]]},
- "min": 0, "max": "unlimited"}},
- "fail_mode": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["standalone", "secure"]]},
- "min": 0, "max": 1}},
- "status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "rstp_status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "flood_vlans": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": 4096}},
- "flow_tables": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 254},
- "value": {"type": "uuid",
- "refTable": "Flow_Table"},
- "min": 0, "max": "unlimited"}},
- "auto_attach": {
- "type": {"key": {"type": "uuid",
- "refTable": "AutoAttach"},
- "min": 0, "max": 1}}},
- "indexes": [["name"]]},
- "Port": {
- "columns": {
- "name": {
- "type": "string",
- "mutable": false},
- "interfaces": {
- "type": {"key": {"type": "uuid",
- "refTable": "Interface"},
- "min": 1, "max": "unlimited"}},
- "trunks": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": 4096}},
- "cvlans": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": 4096}},
- "tag": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": 1}},
- "vlan_mode": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["trunk", "access", "native-tagged",
- "native-untagged", "dot1q-tunnel"]]},
- "min": 0, "max": 1}},
- "qos": {
- "type": {"key": {"type": "uuid",
- "refTable": "QoS"},
- "min": 0, "max": 1}},
- "mac": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "bond_mode": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["balance-tcp", "balance-slb", "active-backup"]]},
- "min": 0, "max": 1}},
- "lacp": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["active", "passive", "off"]]},
- "min": 0, "max": 1}},
- "bond_updelay": {
- "type": "integer"},
- "bond_downdelay": {
- "type": "integer"},
- "bond_active_slave": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "bond_fake_iface": {
- "type": "boolean"},
- "fake_bridge": {
- "type": "boolean"},
- "status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "rstp_status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "rstp_statistics": {
- "type": {"key": "string", "value": "integer",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "statistics": {
- "type": {"key": "string", "value": "integer",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "protected": {
- "type": "boolean"},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
- "indexes": [["name"]]},
- "Interface": {
- "columns": {
- "name": {
- "type": "string",
- "mutable": false},
- "type": {
- "type": "string"},
- "options": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "ingress_policing_rate": {
- "type": {"key": {"type": "integer",
- "minInteger": 0}}},
- "ingress_policing_burst": {
- "type": {"key": {"type": "integer",
- "minInteger": 0}}},
- "ingress_policing_kpkts_rate": {
- "type": {"key": {"type": "integer",
- "minInteger": 0}}},
- "ingress_policing_kpkts_burst": {
- "type": {"key": {"type": "integer",
- "minInteger": 0}}},
- "mac_in_use": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1},
- "ephemeral": true},
- "mac": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "ifindex": {
- "type": {
- "key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "min": 0,
- "max": 1},
- "ephemeral": true},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "ofport": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "ofport_request": {
- "type": {
- "key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 65279},
- "min": 0,
- "max": 1}},
- "bfd": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "bfd_status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "cfm_mpid": {
- "type": {
- "key": {"type": "integer"},
- "min": 0,
- "max": 1}},
- "cfm_remote_mpids": {
- "type": {
- "key": {"type": "integer"},
- "min": 0,
- "max": "unlimited"},
- "ephemeral": true},
- "cfm_flap_count": {
- "type": {
- "key": {"type": "integer"},
- "min": 0,
- "max": 1}},
- "cfm_fault": {
- "type": {
- "key": { "type": "boolean"},
- "min": 0,
- "max": 1},
- "ephemeral": true},
- "cfm_fault_status": {
- "type": {
- "key": "string", "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "cfm_remote_opstate": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["up", "down"]]},
- "min": 0, "max": 1},
- "ephemeral": true},
- "cfm_health": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 100},
- "min": 0, "max": 1},
- "ephemeral": true},
- "lacp_current": {
- "type": {"key": {"type": "boolean"},
- "min": 0, "max": 1},
- "ephemeral": true},
- "lldp": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "statistics": {
- "type": {"key": "string", "value": "integer",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "admin_state": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["up", "down"]]},
- "min": 0, "max": 1},
- "ephemeral": true},
- "link_state": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["up", "down"]]},
- "min": 0, "max": 1},
- "ephemeral": true},
- "link_resets": {
- "type": {"key": {"type": "integer"},
- "min": 0, "max": 1},
- "ephemeral": true},
- "link_speed": {
- "type": {"key": "integer", "min": 0, "max": 1},
- "ephemeral": true},
- "duplex": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["half", "full"]]},
- "min": 0, "max": 1},
- "ephemeral": true},
- "mtu": {
- "type": {"key": "integer", "min": 0, "max": 1},
- "ephemeral": true},
- "mtu_request": {
- "type": {
- "key": {"type": "integer",
- "minInteger": 1},
- "min": 0,
- "max": 1}},
- "error": {
- "type": {"key": "string", "min": 0, "max": 1}}},
- "indexes": [["name"]]},
- "Flow_Table": {
- "columns": {
- "name": {
- "type": {"key": "string", "min": 0, "max": 1}},
- "flow_limit": {
- "type": {"key": {"type": "integer", "minInteger": 0},
- "min": 0, "max": 1}},
- "overflow_policy": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["refuse", "evict"]]},
- "min": 0, "max": 1}},
- "groups": {
- "type": {"key": "string", "min": 0, "max": "unlimited"}},
- "prefixes": {
- "type": {"key": "string", "min": 0, "max": 3}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "QoS": {
- "columns": {
- "type": {
- "type": "string"},
- "queues": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "value": {"type": "uuid",
- "refTable": "Queue"},
- "min": 0, "max": "unlimited"}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
- "isRoot": true},
- "Queue": {
- "columns": {
- "dscp": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 63},
- "min": 0, "max": 1}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
- "isRoot": true},
- "Mirror": {
- "columns": {
- "name": {
- "type": "string"},
- "select_all": {
- "type": "boolean"},
- "select_src_port": {
- "type": {"key": {"type": "uuid",
- "refTable": "Port",
- "refType": "weak"},
- "min": 0, "max": "unlimited"}},
- "select_dst_port": {
- "type": {"key": {"type": "uuid",
- "refTable": "Port",
- "refType": "weak"},
- "min": 0, "max": "unlimited"}},
- "select_vlan": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": 4096}},
- "output_port": {
- "type": {"key": {"type": "uuid",
- "refTable": "Port",
- "refType": "weak"},
- "min": 0, "max": 1}},
- "output_vlan": {
- "type": {"key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 4095},
- "min": 0, "max": 1}},
- "snaplen": {
- "type": {"key": {"type": "integer",
- "minInteger": 14,
- "maxInteger": 65535},
- "min": 0, "max": 1}},
- "statistics": {
- "type": {"key": "string", "value": "integer",
- "min": 0, "max": "unlimited"},
- "ephemeral": true},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "NetFlow": {
- "columns": {
- "targets": {
- "type": {"key": {"type": "string"},
- "min": 1, "max": "unlimited"}},
- "engine_type": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 255},
- "min": 0, "max": 1}},
- "engine_id": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 255},
- "min": 0, "max": 1}},
- "add_id_to_interface": {
- "type": "boolean"},
- "active_timeout": {
- "type": {"key": {"type": "integer",
- "minInteger": -1}}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "sFlow": {
- "columns": {
- "targets": {
- "type": {"key": "string", "min": 1, "max": "unlimited"}},
- "sampling": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "polling": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "header": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "agent": {
- "type": {"key": "string", "min": 0, "max": 1}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "IPFIX": {
- "columns": {
- "targets": {
- "type": {"key": "string", "min": 0, "max": "unlimited"}},
- "sampling": {
- "type": {"key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 4294967295},
- "min": 0, "max": 1}},
- "obs_domain_id": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "min": 0, "max": 1}},
- "obs_point_id": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "min": 0, "max": 1}},
- "cache_active_timeout": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4200},
- "min": 0, "max": 1}},
- "cache_max_flows": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "min": 0, "max": 1}},
- "stats_interval": {
- "type": {"key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 3600},
- "min": 0, "max": 1}},
- "template_interval": {
- "type": {"key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 3600},
- "min": 0, "max": 1}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "Flow_Sample_Collector_Set": {
- "columns": {
- "id": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4294967295},
- "min": 1, "max": 1}},
- "bridge": {
- "type": {"key": {"type": "uuid",
- "refTable": "Bridge"},
- "min": 1, "max": 1}},
- "ipfix": {
- "type": {"key": {"type": "uuid",
- "refTable": "IPFIX"},
- "min": 0, "max": 1}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
- "isRoot": true,
- "indexes": [["id", "bridge"]]},
- "Controller": {
- "columns": {
- "type": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["primary", "service"]]},
- "min": 0, "max": 1}},
- "target": {
- "type": "string"},
- "max_backoff": {
- "type": {"key": {"type": "integer",
- "minInteger": 1000},
- "min": 0, "max": 1}},
- "inactivity_probe": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "connection_mode": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["in-band", "out-of-band"]]},
- "min": 0, "max": 1}},
- "local_ip": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "local_netmask": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "local_gateway": {
- "type": {"key": {"type": "string"},
- "min": 0, "max": 1}},
- "enable_async_messages": {
- "type": {"key": {"type": "boolean"},
- "min": 0, "max": 1}},
- "controller_queue_size": {
- "type": {"key": {"type": "integer",
- "minInteger": 1,
- "maxInteger": 512},
- "min": 0, "max": 1}},
- "controller_rate_limit": {
- "type": {"key": {"type": "integer",
- "minInteger": 100},
- "min": 0, "max": 1}},
- "controller_burst_limit": {
- "type": {"key": {"type": "integer",
- "minInteger": 25},
- "min": 0, "max": 1}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "is_connected": {
- "type": "boolean",
- "ephemeral": true},
- "role": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["other", "master", "slave"]]},
- "min": 0, "max": 1},
- "ephemeral": true},
- "status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true}}},
- "Manager": {
- "columns": {
- "target": {
- "type": "string"},
- "max_backoff": {
- "type": {"key": {"type": "integer",
- "minInteger": 1000},
- "min": 0, "max": 1}},
- "inactivity_probe": {
- "type": {"key": "integer", "min": 0, "max": 1}},
- "connection_mode": {
- "type": {"key": {"type": "string",
- "enum": ["set", ["in-band", "out-of-band"]]},
- "min": 0, "max": 1}},
- "other_config": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "is_connected": {
- "type": "boolean",
- "ephemeral": true},
- "status": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"},
- "ephemeral": true}},
- "indexes": [["target"]]},
- "Datapath": {
- "columns": {
- "datapath_version": {
- "type": "string"},
- "ct_zones": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 65535},
- "value": {"type": "uuid",
- "refTable": "CT_Zone"},
- "min": 0, "max": "unlimited"}},
- "capabilities": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "CT_Zone": {
- "columns": {
- "timeout_policy": {
- "type": {"key": {"type": "uuid",
- "refTable": "CT_Timeout_Policy"},
- "min": 0, "max": 1}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "CT_Timeout_Policy": {
- "columns": {
- "timeouts": {
- "type": {"key": {"type" : "string",
- "enum": ["set", ["tcp_syn_sent", "tcp_syn_recv",
- "tcp_established", "tcp_fin_wait",
- "tcp_close_wait", "tcp_last_ack",
- "tcp_time_wait", "tcp_close",
- "tcp_syn_sent2", "tcp_retransmit",
- "tcp_unack", "udp_first",
- "udp_single", "udp_multiple",
- "icmp_first", "icmp_reply"]]},
- "value": {"type" : "integer",
- "minInteger" : 0,
- "maxInteger" : 4294967295},
- "min": 0, "max": "unlimited"}},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}}},
- "SSL": {
- "columns": {
- "private_key": {
- "type": "string"},
- "certificate": {
- "type": "string"},
- "ca_cert": {
- "type": "string"},
- "bootstrap_ca_cert": {
- "type": "boolean"},
- "external_ids": {
- "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
- "maxRows": 1},
- "AutoAttach": {
- "columns": {
- "system_name": {
- "type": "string"},
- "system_description": {
- "type": "string"},
- "mappings": {
- "type": {"key": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 16777215},
- "value": {"type": "integer",
- "minInteger": 0,
- "maxInteger": 4095},
- "min": 0, "max": "unlimited"}}}}}}
diff --git a/l2sm-api-resources/Makefile b/Makefile
similarity index 77%
rename from l2sm-api-resources/Makefile
rename to Makefile
index 1db698739ce4d26c0a0a73d7e18d31d2ed6af0e3..ebd41f4845816523ba2c524f637f2ec0d571aad0 100644
--- a/l2sm-api-resources/Makefile
+++ b/Makefile
@@ -1,23 +1,6 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
# Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= alexdecb/l2sm-controller-manager:2.7.1
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.29.0
@@ -32,13 +15,15 @@ endif
# Be aware that the target commands are only tested with Docker which is
# scaffolded by default. However, you might want to replace it to use other
# tools. (i.e. podman)
-CONTAINER_TOOL ?= docker
+CONTAINER_TOOL ?= sudo docker
# Setting SHELL to bash allows bash commands to be executed by recipes.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec
+REPOSITORY=L2S-M
+
.PHONY: all
all: build
@@ -101,6 +86,8 @@ build: manifests generate fmt vet ## Build manager binary.
go build -o bin/manager cmd/main.go
.PHONY: run
+include .env
+export $(shell sed 's/=.*//' .env)
run: manifests generate fmt vet ## Run a controller from your host.
go run ./cmd/main.go
@@ -134,13 +121,12 @@ docker-buildx: ## Build and push docker image for the manager for cross-platform
.PHONY: build-installer
build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
- mkdir -p dist
- @if [ -d "config/crd" ]; then \
- $(KUSTOMIZE) build config/crd > dist/install.yaml; \
- fi
- echo "---" >> dist/install.yaml # Add a document separator before appending
+ echo "" > deployments/l2sm-deployment.yaml
+ echo "---" >> deployments/l2sm-deployment.yaml # Add a document separator before appending
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
- $(KUSTOMIZE) build config/default >> dist/install.yaml
+ $(KUSTOMIZE) build config/default >> deployments/l2sm-deployment.yaml
+ $(KUSTOMIZE) build config/tmp >> deployments/l2sm-deployment.yaml
+
##@ Deployment
@@ -160,11 +146,60 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
+ $(KUSTOMIZE) build config/tmp | $(KUBECTL) apply -f -
.PHONY: undeploy
undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+ $(KUSTOMIZE) build config/tmp | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
+.PHONY: webhook-certs
+webhook-certs: ## generate self-signed cert and key for local webhook development
+ mkdir -p /tmp/k8s-webhook-server/serving-certs
+ openssl req -x509 -newkey rsa:2048 -nodes -keyout /tmp/k8s-webhook-server/serving-certs/tls.key -out /tmp/k8s-webhook-server/serving-certs/tls.crt -days 365 -config ./config/dev/openssl.cnf -batch -subj '/CN=local-webhook'
+ cat /tmp/k8s-webhook-server/serving-certs/tls.crt | base64 -w0 > /tmp/k8s-webhook-server/tls.b64
+# $(eval B64_CERT := $(shell cat /tmp/k8s-webhook-server/tls.b64))
+# echo $(B64_CERT)
+# cat /tmp/k8s-webhook-server/tls.b64
+
+
+
+# openssl req -x509 \
+# -newkey rsa:2048 \
+# -nodes \
+# -keyout /tmp/k8s-webhook-server/serving-certs/tls.key \
+# -out /tmp/k8s-webhook-server/serving-certs/tls.crt \
+# -days 365 \
+# -subj '/CN=local-webhook'
+##@ Webhook
+
+.PHONY: deploy-dev
+deploy-dev: webhook-certs manifests kustomize ## Deploy validating and mutating webhooks to the K8s cluster specified in ~/.kube/config.
+ sed -i'' -e 's/caBundle: .*/caBundle: $(shell cat /tmp/k8s-webhook-server/tls.b64)/' ./config/dev/webhookcainjection_patch.yaml
+ $(KUSTOMIZE) build config/dev | $(KUBECTL) apply -f -
+
+
+.PHONY: undeploy-dev
+undeploy-dev: kustomize ## Undeploy validating and mutating webhooks from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/dev | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
+
+
+# Define file extensions for various formats
+FILES := $(shell find . -type f \( -name "*.go" -o -name "*.json" -o -name "*.yaml" -o -name "*.yml" -o -name "*.md" \))
+
+# Install the addlicense tool if not installed
+.PHONY: install-tools
+install-tools:
+ @go install github.com/google/addlicense@latest
+
+# Add license headers to the files
+.PHONY: add-license
+add-license: install-tools
+ @for file in $(FILES); do \
+ addlicense -f ./hack/LICENSE.txt -l apache "$${file}"; \
+ done
+
+
##@ Dependencies
## Location to install dependencies to
@@ -205,6 +240,7 @@ golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
$(GOLANGCI_LINT): $(LOCALBIN)
$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION})
+
# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
# $1 - target path with name of binary (ideally with version)
# $2 - package url which can be installed
@@ -218,3 +254,4 @@ GOBIN=$(LOCALBIN) go install $${package} ;\
mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
}
endef
+
diff --git a/PROJECT b/PROJECT
new file mode 100644
index 0000000000000000000000000000000000000000..4c76654ce6108d6347efe284fc6c668ef7cad8f4
--- /dev/null
+++ b/PROJECT
@@ -0,0 +1,47 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
+domain: l2sm.k8s.local
+layout:
+- go.kubebuilder.io/v4
+projectName: controllermanager
+repo: github.com/Networks-it-uc3m/L2S-M
+resources:
+- api:
+ crdVersion: v1
+ namespaced: true
+ controller: true
+ domain: l2sm.k8s.local
+ group: l2sm
+ kind: L2Network
+ path: github.com/Networks-it-uc3m/L2S-M/api/v1
+ version: v1
+- controller: true
+ group: core
+ kind: Pod
+ path: k8s.io/api/core/v1
+ version: v1
+- api:
+ crdVersion: v1
+ namespaced: true
+ controller: true
+ domain: l2sm.k8s.local
+ group: l2sm
+ kind: NetworkEdgeDevice
+ path: github.com/Networks-it-uc3m/L2S-M/api/v1
+ version: v1
+- api:
+ crdVersion: v1
+ namespaced: true
+ controller: true
+ domain: l2sm.k8s.local
+ group: l2sm
+ kind: Overlay
+ path: github.com/Networks-it-uc3m/L2S-M/api/v1
+ version: v1
+ webhooks:
+ defaulting: true
+ validation: true
+ webhookVersion: v1
+version: "3"
diff --git a/README.md b/README.md
index 1c9708bffd36bddd95c4ab2e661a9eb43c089431..1ebe68838a23a959fd72e2e90f013c5ce576a2c7 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,20 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# Multi domain L2S-M
+# Multi domain L2S-M
Welcome to the official repository of L2S-M, a **Kubernetes operator** that enables virtual networking in K8s clusters.
Link-Layer Secure connectivity for Microservice platforms (L2S-M) is a K8s networking solution that complements the CNI plugin approach of K8s to create and manage virtual networks in K8s clusters. These virtual networks allow workloads (pods) to have isolated link-layer connectivity with other pods in a K8s cluster, regardless of the k8s node where they are actually deployed. L2S-M enables the creation/deletion of virtual networks on-demand, as well as attaching/detaching pods to that networks. The solution is seamlessly integrated within the K8s environment, through a K8s operator:
-
+
L2S-M provides its intended functionalities using a programmable data-plane based on Software Defined Networking (SDN), which in turn provides a high degree of flexibility to dynamically incorporate new application and/or network configurations into K8s clusters. Moreover, L2S-M has been designed to flexibly accommodate various deployment options, ranging from small K8s clusters to those with a high number of distributed nodes.
The main K8s interface of pods remains intact (provided by a CNI plugin), retaining the compatibility with all the standard K8s elements (e.g., services, connectivity through the main interface, etc.). Moreover, the solution has the potential to be used for inter-cluster communications to support scenarios where network functions are spread through multiple distributed infrastructures (this is still a work in progress).
-The figure outlines the design of L2S-M. See [how L2S-M works](./L2S-M%20core/L2S-M/additional-info/) to read further details on the L2S-M solution.
+The figure outlines the design of L2S-M. See [how L2S-M works](./additional-info/) to read further details on the L2S-M solution.
-If you want to learn how to install L2S-M in your cluster, see the [installation guide](./L2S-M%20core/deployments) of this repository to start its installation.
+If you want to learn how to install L2S-M in your cluster, see the [installation guide](./deployments) of this repository to start its installation.
-Did you already install the operator and you cannot wait to start building your own virtual networks in your K8s cluster? Check out our [ping-pong](./L2S-M%20core/examples/ping-pong) example!
+
+Did you already install the operator and you cannot wait to start building your own virtual networks in your K8s cluster? Check out our [general usage guide](./additional-info/general-use.md)! If you're more interested in seeing a simple working example, you can start out with the [ping pong example](./examples/ping-pong/).
If you want more information about the original idea of L2S-M and its initial design, you can check our latest publication in the [IEEE Network journal](https://ieeexplore.ieee.org/document/9740640):
@@ -39,12 +22,15 @@ If you want more information about the original idea of L2S-M and its initial de
Did you like L2S-M and want to use it in your K8s infrastructure or project? Please, feel free to do so, and don't forget to cite us!
+### Demo video
+
+This [video](https://youtube.com/watch?v=Oj2gzm-YxYE&si=bV9eN77wTlXQZY3Y) exemplifies the process to create virtual networks in Kubernetes using the L2S-M open-source software. More concretely, it shows how L2S is used to create a simple content distribution network on a Kubernetes cluster.
### Inter-cluster communications
-L2S-M is now capable of managing inter-cluster communications, with custom resources that enable the creation of overlay network topologies and multi domain networks on demand. If you are interested in how these resources are defined, you can check [the provided inter-cluster example](./L2S-M%20core/examples/inter-cluster/) and [the source code of the Custom Resources.](./l2sm-api-resources)
-The solution can work jointly with L2S-M or be used standalone through the [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni). Details can be checked [here](https://github.com/Networks-it-uc3m/snd-based-inter-cluster-communications/blob/main/README.md).
-The solution enables the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.
+One of the most interesting features L2S-M has is that it enables communications among workloads deployed on differente Kubernetes clusters. You can perform the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.
+
+The solution can work jointly with L2S-M or be used standalone through the [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni). Details can be checked [here](./additional-info/inter-cluster.md). Even though the inter-cluster solution is meant to be used via [the multi-domain client](http://github.com/Networks-it-uc3m/l2sm-md), we provide examples of how can you manually set up an entire inter-cluster virtual overlay network in the [inter cluster setup guide](./examples/inter-cluster-setup/). If you have your infrastructure ready, you can go ahead to the [inter cluster networks example](./examples/inter-cluster-network)!
### Additional information about L2S-M
In the [following section](./additional-info) of the repository, you can find a series of documents and slides that provide additional information about L2S-M, including presentations where our solution has been showcased to the public in various events.
@@ -87,7 +73,7 @@ Do you have any doubts about L2S-M or its installation? Do you want to provide f
### Acknowledgement
The work in this open-source project has partially been supported by the European Horizon NEMO project (grant agreement 101070118), the European Horizon CODECO project (grant agreement 101092696), and by the national 6GINSPIRE project (PID2022-137329OB-C429).
-### Other projects where L2S-M has been used
+#### Other projects where L2S-M has been used
- H2020 FISHY Project: https://fishy-project.eu (grant agreement 952644)
- True5G Project: (PID2019-108713RB-C52 / AEI / 10.13039/501100011033)
- H2020 Labyrinth project: https://labyrinth2020.eu/ (grant agreement 861696).
diff --git a/L2S-M core/additional-info/OSM#13 Plenary Meeting.pdf b/additional-info/OSM#13 Plenary Meeting.pdf
similarity index 100%
rename from L2S-M core/additional-info/OSM#13 Plenary Meeting.pdf
rename to additional-info/OSM#13 Plenary Meeting.pdf
diff --git a/L2S-M core/additional-info/README.md b/additional-info/README.md
similarity index 72%
rename from L2S-M core/additional-info/README.md
rename to additional-info/README.md
index 1eb32c1a05515ab8536dbec6f3102dfb7e8aca6c..911de90e12384025ea21e122ea41eac7bbbfa662 100644
--- a/L2S-M core/additional-info/README.md
+++ b/additional-info/README.md
@@ -1,21 +1,3 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
# How does L2S-M work?
L2S-M takes a different approach to K8s networking in comparison with other solutions available, which mostly implement CNI plugins to be used as the main connectivity basis for a cluster. L2S-M is deployed as a complementary solution to these CNI Plugins, since it allows the creation and management of virtual networks in a K8s cluster in order to provide workloads with one (or several) interface(s) to communicate with other workloads attached to the same network(s) at the link-layer. The main CNI Plugin interface in these pods remains intact, allowing the standard K8s functionalities to still be available for the pods (services, communications using the main interface, etc.).
@@ -24,7 +6,7 @@ The following figure outlines a high-level overview of L2S-M, with an illustrati
-**NOTE**: The current version of L2S-M utilizes an infrastructure of virtual switches based on [Open Virtual Switch (OVS)](http://www.openvswitch.org). The integration of physical switches is currently ongoing.
+**NOTE**: The current version of L2S-M utilizes an infrastructure of virtual switches based on [Open Virtual Switch (OVS)](http://www.openvswitch.org). This implementation can be followed up in https://github.com/Networks-it-uc3m/l2sm-switch .
In L2S-M, a k8s node deploys a virtual SDN switch or is connected to a physical SDN switch. Virtual switches are interconnected through point-to-point links. These links are established using IP tunnels (based on VXLAN technologies). This way, SDN switches build an overlay network that interconnects all the K8s nodes. L2S-M uses an SDN controller to install forwarding rules on the virtual/physical switches. This way, data traffic among workloads is appropriately distributed through isolated virtual networks (i.e., the SDN controller instructs the switches which ports should be used to forward and/or block incoming/outgoing traffic).
@@ -32,6 +14,6 @@ Specifically for K8s clusters, the element in charge of managing the creation, d
To provide isolation among virtual networks, the operator interacts with the SDN controller component to communicate which ports are associated with each virtual network, updating its status every time a pod is deployed/deleted. Using this information, the SDN controller injects the corresponding rules in the switches, forwarding and/or blocking traffic according to the virtual networks being used at each moment.
-**NOTE**: The current version of L2S-M utilizes a simple-switch implementation based on the [RYU](https://ryu.readthedocs.io/en/latest/) SDN controller. An SDN application to specifically support virtual network isolation is currently under implementation.
+**NOTE**: The current version of L2S-M utilizes a custom implementation of SDN controller. This sdn controller implementation can be seen at https://github.com/Networks-it-uc3m/l2sm-controller .
-More information on how to deploy virtualise workloads attached to virtual networks can be seen in the [ping-pong](https://github.com/Networks-it-uc3m/L2S-M/tree/main/examples/ping-pong) example.
+More information on how to use this solution can be seen in the [how to use guide](./general-use.md).
diff --git a/additional-info/general-use.md b/additional-info/general-use.md
new file mode 100644
index 0000000000000000000000000000000000000000..bcf6b4e913498b2165f6078fe754b1fa692c023b
--- /dev/null
+++ b/additional-info/general-use.md
@@ -0,0 +1,48 @@
+# General Use of L2S-M Application
+
+This document will guide you through the usage of L2S-M, a tool designed to manage L2 networks, overlays, and Network Edge Devices (NEDs) within a Kubernetes cluster environment. L2S-M uses Custom Resource Definitions (CRDs) to enable flexible network management and pod attachment within Kubernetes.
+
+For more specific examples, you can go to the [examples section](../examples/), this document is meant to be a general use guide.
+## Custom Resource Definitions (CRDs)
+
+L2S-M introduces three core CRDs that allow users to configure networks, overlays, and edge devices dynamically:
+
+### 1. **L2Network CRD**
+ - **Purpose**: Defines a Layer 2 virtual network inside the Kubernetes environment.
+ - **Configurable Fields**:
+ - **Network Type**: Specifies the type of network.
+ - **Connectivity**: Controls the connection with the Software-Defined Networking (SDN) controller.
+ - **Connected Pods**: Lists the pods connected to this network.
+ - **Usage**: Once a network is defined, pods can be connected to it. The L2Network CRD provides specifications through the `spec` field, where the user defines the network attributes, while the `status` field reports the current state of the network, including the pods connected to it.
+ - An example of this CR can be found [here](../config/samples/l2sm_v1_l2network.yaml)
+
+### 2. **Overlay CRD**
+ - **Purpose**: Defines the logical connections between nodes in the cluster, creating the overlay network.
+ - **Configurable Fields**:
+ - **Topology**: Specifies how nodes should be interconnected.
+ - **Switch Template**: Defines the type of switches used within the overlay.
+ - **Network Controller**: Identifies the SDN controller responsible for managing the topology.
+ - **Usage**: Administrators can use the Overlay CRD to define the connections between nodes based on their resource capacities or geographic location, creating custom topologies suited to specific needs.
+ - An example of this CR can be found [here](../config/samples/l2sm_v1_overlay.yaml)
+
+
+### 3. **NetworkEdgeDevice (NED) CRD**
+ - **Purpose**: Extends the network beyond the cluster, enabling communication with external networks or other clusters.
+ - **Configurable Fields**:
+ - **Device Type**: Defines the hardware or software that forms the edge device.
+ - **Connections**: Specifies the external networks or clusters this NED should connect to.
+ - **Usage**: The NED CRD facilitates inter-cluster communication by connecting Kubernetes clusters or other platforms like OpenStack. Each NED is controlled by an SDN controller for dynamic flow control and traffic management.
+ - An example of this CR can be found [here](../config/samples/l2sm_v1_networkedgedevice.yaml)
+
+
+## Attaching Pods to Networks
+
+Pods can be dynamically attached to L2 networks defined by the L2Network CRD. This process involves the following steps:
+
+1. **Defining the L2Network**: Use the L2Network CRD to create a network in Kubernetes. The network will be managed by the L2S-M controller, which communicates with the SDN controller to configure the necessary networking parameters.
+
+2. **Scheduling Pods**: When a pod is deployed in the cluster, it can be attached to the L2Network by specifying the network during the pod creation process. The L2S-M controller will automatically configure the required network interfaces and assign IP addresses via the integrated IP Address Management (IPAM) system.
+
+3. **Monitoring Connectivity**: Once attached, the status of the pod’s network connectivity can be checked via the L2Network CRD’s `status` field, which will list all connected pods and report any changes in the connectivity state.
+
+
diff --git a/additional-info/implementation.md b/additional-info/implementation.md
new file mode 100644
index 0000000000000000000000000000000000000000..2506d512cdf998042d2710b39b83551b7b01a866
--- /dev/null
+++ b/additional-info/implementation.md
@@ -0,0 +1,111 @@
+# L2S-M Development
+
+This component is essentially a set of Custom Resource Definitions (CRDs) accompanied by a controller and a manager. It's designed to manage the overlays and virtual networks that L2S-M uses between pods within a K8s cluster.
+
+## Getting Started
+
+### Prerequisites
+- go version v1.21.0+
+- docker version 17.03+.
+- kubectl version v1.11.3+.
+- Access to a Kubernetes v1.11.3+ cluster.
+
+### To Deploy on the cluster
+**Build and push your image to the location specified by `IMG`, inside the Makefile:**
+
+```sh
+make docker-build docker-push
+```
+
+**NOTE:** The image ought to be published in the personal registry you specified.
+And it is required to have access to pull the image from the working environment.
+Make sure you have the proper permission to the registry if the above commands don’t work.
+
+**Deploy the Manager to the cluster with the image specified by `IMG`:**
+
+```sh
+make deploy
+```
+
+
+
+**Create instances of your solution**
+You can apply the samples (examples) from the config/sample:
+
+```sh
+kubectl apply -k config/samples/
+```
+
+>**NOTE**: Ensure that the samples has default values to test it out.
+
+### To Uninstall
+**Delete the instances (CRs) from the cluster:**
+
+```sh
+kubectl delete -k config/samples/
+```
+
+**UnDeploy the controller from the cluster:**
+
+```sh
+make undeploy
+```
+
+
+> **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin
+privileges or be logged in as admin.
+
+
+### To Run locally the solution and make your custom changes
+
+If you are interested in running the solution locally, feel free to make your own branch and start developing! Any feedback is welcome as well.
+
+We provide the following commands to run the application locally
+1. **Install the CRDs into the cluster:**
+
+```sh
+make install
+```
+2. **Deploy the webhook server locally:**
+```sh
+make deploy-webhook
+```
+3. **Run the application with the changes:**
+```sh
+make run
+```
+
+And once you've finished:
+**Delete the APIs(CRDs) from the cluster:**
+
+```sh
+make uninstall
+```
+**Remove the Webhook Server from the cluster:**
+```sh
+make undeploy-webhook
+```
+
+
+## Project Distribution
+
+Following are the steps to build the installer and distribute this project to users.
+
+1. Build the installer for the image built and published in the registry:
+
+```sh
+make build-installer
+```
+
+NOTE: The makefile target mentioned above generates an 'install.yaml'
+file in the deployment directory. This file contains all the resources built
+with Kustomize, which are necessary to install this project without
+its dependencies.
+
+2. Using the installer
+
+Users can just run kubectl apply -f <URL for YAML BUNDLE> to install the project, i.e.:
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/<org>/L2S-M/<tag or branch>/deployments/l2sm-deployment.yaml
+```
\ No newline at end of file
diff --git a/L2S-M core/additional-info/inter-cluster.md b/additional-info/inter-cluster.md
similarity index 72%
rename from L2S-M core/additional-info/inter-cluster.md
rename to additional-info/inter-cluster.md
index 470893840ebb9c14120683ed417fdf75e3e1d03c..7a30adcc059c5741ba93ce1d5c394332835b8e6d 100644
--- a/L2S-M core/additional-info/inter-cluster.md
+++ b/additional-info/inter-cluster.md
@@ -1,21 +1,3 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
# L2S-M in a Inter-Cluster scenario
>**Note: Work in progress** :wrench::wrench:
diff --git a/api/v1/groupversion_info.go b/api/v1/groupversion_info.go
new file mode 100644
index 0000000000000000000000000000000000000000..84e2a29aed43e1c2a36f6ece00a1b1ce379329ae
--- /dev/null
+++ b/api/v1/groupversion_info.go
@@ -0,0 +1,34 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package v1 contains API Schema definitions for the l2sm v1 API group
+// +kubebuilder:object:generate=true
+// +groupName=l2sm.l2sm.k8s.local
+package v1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "l2sm.l2sm.k8s.local", Version: "v1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/l2sm-api-resources/api/v1/l2smnetwork_types.go b/api/v1/l2network_types.go
similarity index 69%
rename from l2sm-api-resources/api/v1/l2smnetwork_types.go
rename to api/v1/l2network_types.go
index ffc5b9aaae30412ecb77c6dc505c9654c2da9ec1..6645b79df7258f297a3d58854980e3c931be4dd2 100644
--- a/l2sm-api-resources/api/v1/l2smnetwork_types.go
+++ b/api/v1/l2network_types.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package v1
import (
@@ -49,8 +46,8 @@ type ProviderSpec struct {
Domain string `json:"domain"`
}
-// L2SMNetworkSpec defines the desired state of L2SMNetwork
-type L2SMNetworkSpec struct {
+// L2NetworkSpec defines the desired state of L2Network
+type L2NetworkSpec struct {
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
// Important: Run "make" to regenerate code after modifying this file
@@ -64,8 +61,8 @@ type L2SMNetworkSpec struct {
Provider *ProviderSpec `json:"provider,omitempty"`
}
-// L2SMNetworkStatus defines the observed state of L2SMNetwork
-type L2SMNetworkStatus struct {
+// L2NetworkStatus defines the observed state of L2Network
+type L2NetworkStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
@@ -85,24 +82,24 @@ type L2SMNetworkStatus struct {
// +kubebuilder:printcolumn:name="AVAILABILITY",type="string",JSONPath=".status.internalConnectivity",description="Internal SDN Controller Connectivity"
// +kubebuilder:printcolumn:name="CONNECTED_PODS",type=integer,JSONPath=".status.connectedPods",description="Internal SDN Controller Connectivity"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
-// L2SMNetwork is the Schema for the l2smnetworks API
-type L2SMNetwork struct {
+// L2Network is the Schema for the l2networks API
+type L2Network struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
- Spec L2SMNetworkSpec `json:"spec,omitempty"`
- Status L2SMNetworkStatus `json:"status,omitempty"`
+ Spec L2NetworkSpec `json:"spec,omitempty"`
+ Status L2NetworkStatus `json:"status,omitempty"`
}
//+kubebuilder:object:root=true
-// L2SMNetworkList contains a list of L2SMNetwork
-type L2SMNetworkList struct {
+// L2NetworkList contains a list of L2Network
+type L2NetworkList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
- Items []L2SMNetwork `json:"items"`
+ Items []L2Network `json:"items"`
}
func init() {
- SchemeBuilder.Register(&L2SMNetwork{}, &L2SMNetworkList{})
+ SchemeBuilder.Register(&L2Network{}, &L2NetworkList{})
}
diff --git a/api/v1/networkedgedevice_types.go b/api/v1/networkedgedevice_types.go
new file mode 100644
index 0000000000000000000000000000000000000000..c7f9c18f4ce2ee12f8f57bd1effe18811040f97e
--- /dev/null
+++ b/api/v1/networkedgedevice_types.go
@@ -0,0 +1,165 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// The SDN Controller that manages the overlay network.
+type NetworkControllerSpec struct {
+
+ // Name of the Network controller
+ Name string `json:"name"`
+
+ // Domain where the controller can be reached at. Must be a valid IP Address or Domain name, reachable from all the nodes where the switches are deployed at.
+ Domain string `json:"domain"`
+}
+
+type NeighborSpec struct {
+
+ // Name of the cluster the link is going to be made upon.
+ Node string `json:"node"`
+
+ // Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ // is going to be deployed at.
+ Domain string `json:"domain"`
+}
+
+type SwitchPodSpec struct {
+ // List of volumes that can be mounted by containers belonging to the pod.
+ // More info: https://kubernetes.io/docs/concepts/storage/volumes
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ // +listType=map
+ // +listMapKey=name
+ Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
+ // List of initialization containers belonging to the pod.
+ // Init containers are executed in order prior to containers being started. If any
+ // init container fails, the pod is considered to have failed and is handled according
+ // to its restartPolicy. The name for an init container or normal container must be
+ // unique among all containers.
+ // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ // The resourceRequirements of an init container are taken into account during scheduling
+ // by finding the highest request/limit for each resource type, and then using the max of
+ // of that value or the sum of the normal containers. Limits are applied to init containers
+ // in a similar fashion.
+ // Init containers cannot currently be added or removed.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ InitContainers []corev1.Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"`
+ // List of containers belonging to the pod.
+ // Containers cannot currently be added or removed.
+ // There must be at least one container in a Pod.
+ // Cannot be updated.
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ Containers []corev1.Container `json:"containers" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
+ // Host networking requested for this pod. Use the host's network namespace.
+ // If this option is set, the ports that will be used must be specified.
+ // Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"`
+}
+type SwitchTemplateSpec struct {
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Specification of the desired behavior of the pod.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Spec SwitchPodSpec `json:"spec,omitempty"`
+}
+
+type NodeConfigSpec struct {
+ NodeName string `json:"nodeName"`
+
+ IPAddress string `json:"ipAddress"`
+}
+
+// NetworkEdgeDeviceSpec defines the desired state of NetworkEdgeDevice
+type NetworkEdgeDeviceSpec struct {
+ // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ // The SDN Controller that manages the overlay network. Must specify a domain and a name.
+ NetworkController *NetworkControllerSpec `json:"networkController"`
+
+ // Node Configuration
+ NodeConfig *NodeConfigSpec `json:"nodeConfig"`
+
+ // Field exclusive to the multi-domain overlay type. If specified in other types of overlays, the reosurce will launch an error and won't be created.
+ Neighbors []NeighborSpec `json:"neighbors,omitempty"`
+
+ // Template describes the virtual switch pod that will be created.
+ SwitchTemplate *SwitchTemplateSpec `json:"switchTemplate"`
+
+ // Available pod range. The pod specified will run a local grpc server and the next one will be used for the VXLAN creation
+}
+
+// NetworkEdgeDeviceStatus defines the observed state of NetworkEdgeDevice
+type NetworkEdgeDeviceStatus struct {
+ // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ // Status of the overlay. Is available when switches are connected between them and with the network Controller.
+ // +kubebuilder:default=Unavailable
+ Availability *ConnectivityStatus `json:"availability"`
+
+ ConnectedNeighbors []NeighborSpec `json:"connectedNeighbors,omitempty"`
+
+ OpenflowId string `json:"openflowId,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// NetworkEdgeDevice is the Schema for the networkedgedevices API
+// +kubebuilder:printcolumn:name="STATUS",type="string",JSONPath=".status.availability",description="Availability status of the overlay"
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+type NetworkEdgeDevice struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec NetworkEdgeDeviceSpec `json:"spec,omitempty"`
+ Status NetworkEdgeDeviceStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// NetworkEdgeDeviceList contains a list of NetworkEdgeDevice
+type NetworkEdgeDeviceList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []NetworkEdgeDevice `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&NetworkEdgeDevice{}, &NetworkEdgeDeviceList{})
+}
diff --git a/api/v1/overlay_types.go b/api/v1/overlay_types.go
new file mode 100644
index 0000000000000000000000000000000000000000..191aaf340e611d5e8445be13fd31e3a3565516cc
--- /dev/null
+++ b/api/v1/overlay_types.go
@@ -0,0 +1,86 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type Link struct {
+ EndpointA string `json:"endpointA"`
+ EndpointB string `json:"endpointB"`
+}
+type TopologySpec struct {
+ Nodes []string `json:"nodes"`
+ Links []Link `json:"links"`
+}
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// OverlaySpec defines the desired state of Overlay
+type OverlaySpec struct {
+ // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ // The SDN Controller that manages the overlay network. Must specify a domain and a name.
+ NetworkController *NetworkControllerSpec `json:"networkController"`
+
+ // Topology represents the desired topology, it's represented by the 'Nodes' field, a list of nodes where the switches are going to be deployed and a list of bidirectional links,
+ // selecting the nodes that are going to be linked.
+ Topology *TopologySpec `json:"topology,omitempty"`
+
+ // Field exclusive to the multi-domain overlay type. If specified in other types of overlays, the reosurce will launch an error and won't be created.
+ Neighbors []NeighborSpec `json:"neighbors,omitempty"`
+
+ // Template describes the virtual switch pod that will be created.
+ SwitchTemplate *SwitchTemplateSpec `json:"switchTemplate"`
+}
+
+// OverlayStatus defines the observed state of Overlay
+type OverlayStatus struct {
+ // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ ConnectedNeighbors []NeighborSpec `json:"connectedNeighbors,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// Overlay is the Schema for the overlays API
+type Overlay struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec OverlaySpec `json:"spec,omitempty"`
+ Status OverlayStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// OverlayList contains a list of Overlay
+type OverlayList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []Overlay `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&Overlay{}, &OverlayList{})
+}
diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000000000000000000000000000000000..deb5ad3c723a3cca4c5a06c4f96a1eb5f233c398
--- /dev/null
+++ b/api/v1/zz_generated.deepcopy.go
@@ -0,0 +1,524 @@
+//go:build !ignore_autogenerated
+
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *L2Network) DeepCopyInto(out *L2Network) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2Network.
+func (in *L2Network) DeepCopy() *L2Network {
+ if in == nil {
+ return nil
+ }
+ out := new(L2Network)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *L2Network) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *L2NetworkList) DeepCopyInto(out *L2NetworkList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]L2Network, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2NetworkList.
+func (in *L2NetworkList) DeepCopy() *L2NetworkList {
+ if in == nil {
+ return nil
+ }
+ out := new(L2NetworkList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *L2NetworkList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *L2NetworkSpec) DeepCopyInto(out *L2NetworkSpec) {
+ *out = *in
+ if in.Config != nil {
+ in, out := &in.Config, &out.Config
+ *out = new(string)
+ **out = **in
+ }
+ if in.Provider != nil {
+ in, out := &in.Provider, &out.Provider
+ *out = new(ProviderSpec)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2NetworkSpec.
+func (in *L2NetworkSpec) DeepCopy() *L2NetworkSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(L2NetworkSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *L2NetworkStatus) DeepCopyInto(out *L2NetworkStatus) {
+ *out = *in
+ if in.ConnectedPods != nil {
+ in, out := &in.ConnectedPods, &out.ConnectedPods
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.InternalConnectivity != nil {
+ in, out := &in.InternalConnectivity, &out.InternalConnectivity
+ *out = new(ConnectivityStatus)
+ **out = **in
+ }
+ if in.ProviderConnectivity != nil {
+ in, out := &in.ProviderConnectivity, &out.ProviderConnectivity
+ *out = new(ConnectivityStatus)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2NetworkStatus.
+func (in *L2NetworkStatus) DeepCopy() *L2NetworkStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(L2NetworkStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Link) DeepCopyInto(out *Link) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Link.
+func (in *Link) DeepCopy() *Link {
+ if in == nil {
+ return nil
+ }
+ out := new(Link)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NeighborSpec) DeepCopyInto(out *NeighborSpec) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NeighborSpec.
+func (in *NeighborSpec) DeepCopy() *NeighborSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(NeighborSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkControllerSpec) DeepCopyInto(out *NetworkControllerSpec) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkControllerSpec.
+func (in *NetworkControllerSpec) DeepCopy() *NetworkControllerSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkControllerSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkEdgeDevice) DeepCopyInto(out *NetworkEdgeDevice) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEdgeDevice.
+func (in *NetworkEdgeDevice) DeepCopy() *NetworkEdgeDevice {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkEdgeDevice)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *NetworkEdgeDevice) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkEdgeDeviceList) DeepCopyInto(out *NetworkEdgeDeviceList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]NetworkEdgeDevice, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEdgeDeviceList.
+func (in *NetworkEdgeDeviceList) DeepCopy() *NetworkEdgeDeviceList {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkEdgeDeviceList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *NetworkEdgeDeviceList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkEdgeDeviceSpec) DeepCopyInto(out *NetworkEdgeDeviceSpec) {
+ *out = *in
+ if in.NetworkController != nil {
+ in, out := &in.NetworkController, &out.NetworkController
+ *out = new(NetworkControllerSpec)
+ **out = **in
+ }
+ if in.NodeConfig != nil {
+ in, out := &in.NodeConfig, &out.NodeConfig
+ *out = new(NodeConfigSpec)
+ **out = **in
+ }
+ if in.Neighbors != nil {
+ in, out := &in.Neighbors, &out.Neighbors
+ *out = make([]NeighborSpec, len(*in))
+ copy(*out, *in)
+ }
+ if in.SwitchTemplate != nil {
+ in, out := &in.SwitchTemplate, &out.SwitchTemplate
+ *out = new(SwitchTemplateSpec)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEdgeDeviceSpec.
+func (in *NetworkEdgeDeviceSpec) DeepCopy() *NetworkEdgeDeviceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkEdgeDeviceSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkEdgeDeviceStatus) DeepCopyInto(out *NetworkEdgeDeviceStatus) {
+ *out = *in
+ if in.Availability != nil {
+ in, out := &in.Availability, &out.Availability
+ *out = new(ConnectivityStatus)
+ **out = **in
+ }
+ if in.ConnectedNeighbors != nil {
+ in, out := &in.ConnectedNeighbors, &out.ConnectedNeighbors
+ *out = make([]NeighborSpec, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEdgeDeviceStatus.
+func (in *NetworkEdgeDeviceStatus) DeepCopy() *NetworkEdgeDeviceStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkEdgeDeviceStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NodeConfigSpec) DeepCopyInto(out *NodeConfigSpec) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigSpec.
+func (in *NodeConfigSpec) DeepCopy() *NodeConfigSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(NodeConfigSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Overlay) DeepCopyInto(out *Overlay) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Overlay.
+func (in *Overlay) DeepCopy() *Overlay {
+ if in == nil {
+ return nil
+ }
+ out := new(Overlay)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Overlay) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OverlayList) DeepCopyInto(out *OverlayList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]Overlay, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverlayList.
+func (in *OverlayList) DeepCopy() *OverlayList {
+ if in == nil {
+ return nil
+ }
+ out := new(OverlayList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OverlayList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OverlaySpec) DeepCopyInto(out *OverlaySpec) {
+ *out = *in
+ if in.NetworkController != nil {
+ in, out := &in.NetworkController, &out.NetworkController
+ *out = new(NetworkControllerSpec)
+ **out = **in
+ }
+ if in.Topology != nil {
+ in, out := &in.Topology, &out.Topology
+ *out = new(TopologySpec)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Neighbors != nil {
+ in, out := &in.Neighbors, &out.Neighbors
+ *out = make([]NeighborSpec, len(*in))
+ copy(*out, *in)
+ }
+ if in.SwitchTemplate != nil {
+ in, out := &in.SwitchTemplate, &out.SwitchTemplate
+ *out = new(SwitchTemplateSpec)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverlaySpec.
+func (in *OverlaySpec) DeepCopy() *OverlaySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(OverlaySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OverlayStatus) DeepCopyInto(out *OverlayStatus) {
+ *out = *in
+ if in.ConnectedNeighbors != nil {
+ in, out := &in.ConnectedNeighbors, &out.ConnectedNeighbors
+ *out = make([]NeighborSpec, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverlayStatus.
+func (in *OverlayStatus) DeepCopy() *OverlayStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(OverlayStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.
+func (in *ProviderSpec) DeepCopy() *ProviderSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ProviderSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SwitchPodSpec) DeepCopyInto(out *SwitchPodSpec) {
+ *out = *in
+ if in.Volumes != nil {
+ in, out := &in.Volumes, &out.Volumes
+ *out = make([]corev1.Volume, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.InitContainers != nil {
+ in, out := &in.InitContainers, &out.InitContainers
+ *out = make([]corev1.Container, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Containers != nil {
+ in, out := &in.Containers, &out.Containers
+ *out = make([]corev1.Container, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwitchPodSpec.
+func (in *SwitchPodSpec) DeepCopy() *SwitchPodSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(SwitchPodSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SwitchTemplateSpec) DeepCopyInto(out *SwitchTemplateSpec) {
+ *out = *in
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwitchTemplateSpec.
+func (in *SwitchTemplateSpec) DeepCopy() *SwitchTemplateSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(SwitchTemplateSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TopologySpec) DeepCopyInto(out *TopologySpec) {
+ *out = *in
+ if in.Nodes != nil {
+ in, out := &in.Nodes, &out.Nodes
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.Links != nil {
+ in, out := &in.Links, &out.Links
+ *out = make([]Link, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySpec.
+func (in *TopologySpec) DeepCopy() *TopologySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(TopologySpec)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/L2S-M core/assets/inter-cluster-arch.svg b/assets/inter-cluster-arch.svg
similarity index 100%
rename from L2S-M core/assets/inter-cluster-arch.svg
rename to assets/inter-cluster-arch.svg
diff --git a/L2S-M core/assets/inter-cluster-diagram.svg b/assets/inter-cluster-diagram.svg
similarity index 100%
rename from L2S-M core/assets/inter-cluster-diagram.svg
rename to assets/inter-cluster-diagram.svg
diff --git a/L2S-M core/assets/v1_architecture.png b/assets/v1_architecture.png
similarity index 100%
rename from L2S-M core/assets/v1_architecture.png
rename to assets/v1_architecture.png
diff --git a/L2S-M core/assets/video-server-example.svg b/assets/video-server-example.svg
similarity index 100%
rename from L2S-M core/assets/video-server-example.svg
rename to assets/video-server-example.svg
diff --git a/l2sm-api-resources/cmd/main.go b/cmd/main.go
similarity index 66%
rename from l2sm-api-resources/cmd/main.go
rename to cmd/main.go
index c2b2ce1ced12243ac5fc29affdde8427bfe28a8c..25b2c4eb53587247ef69d67220117cbcd205c45b 100644
--- a/l2sm-api-resources/cmd/main.go
+++ b/cmd/main.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package main
import (
@@ -26,6 +23,8 @@ import (
// to ensure that exec-entrypoint and run can make use of them.
_ "k8s.io/client-go/plugin/pkg/client/auth"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ "github.com/Networks-it-uc3m/L2S-M/internal/controller"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -34,10 +33,10 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
"sigs.k8s.io/controller-runtime/pkg/webhook"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
- "l2sm.k8s.local/l2smnetwork/internal/controller"
//+kubebuilder:scaffold:imports
+ nettypes "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
)
var (
@@ -49,6 +48,8 @@ func init() {
utilruntime.Must(clientgoscheme.AddToScheme(scheme))
utilruntime.Must(l2smv1.AddToScheme(scheme))
+ utilruntime.Must(nettypes.AddToScheme(scheme))
+
//+kubebuilder:scaffold:scheme
}
@@ -123,22 +124,44 @@ func main() {
os.Exit(1)
}
- if err = (&controller.L2SMNetworkReconciler{
+ if err = (&controller.L2NetworkReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
}).SetupWithManager(mgr); err != nil {
- setupLog.Error(err, "unable to create controller", "controller", "L2SMNetwork")
+ setupLog.Error(err, "unable to create controller", "controller", "L2Network")
+ os.Exit(1)
+ }
+ if err = (&controller.PodReconciler{
+ Client: mgr.GetClient(),
+ Scheme: mgr.GetScheme(),
+ SwitchesNamespace: os.Getenv("SWITCHES_NAMESPACE"),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "Pod")
os.Exit(1)
}
- // if err = (&controller.PodReconciler{
- // Client: mgr.GetClient(),
- // Scheme: mgr.GetScheme(),
- // }).SetupWithManager(mgr); err != nil {
- // setupLog.Error(err, "unable to create controller", "controller", "Pod")
- // os.Exit(1)
- // }
+ if err = (&controller.NetworkEdgeDeviceReconciler{
+ Client: mgr.GetClient(),
+ Scheme: mgr.GetScheme(),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "NetworkEdgeDevice")
+ os.Exit(1)
+ }
+ if err = (&controller.OverlayReconciler{
+ Client: mgr.GetClient(),
+ Scheme: mgr.GetScheme(),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "Overlay")
+ os.Exit(1)
+ }
+ if os.Getenv("ENABLE_WEBHOOKS") != "false" {
+ podAnnotator := &controller.PodAnnotator{Client: mgr.GetClient(), SwitchesNamespace: os.Getenv("SWITCHES_NAMESPACE")}
+ if err := podAnnotator.InjectDecoder(admission.NewDecoder(mgr.GetScheme())); err != nil {
+ setupLog.Error(err, "unable to inject decoder into PodAnnotator")
+ os.Exit(1)
+ }
+ mgr.GetWebhookServer().Register("/mutate-v1-pod", &webhook.Admission{Handler: podAnnotator})
+ }
//+kubebuilder:scaffold:builder
-
if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
setupLog.Error(err, "unable to set up health check")
os.Exit(1)
diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ab6227c9f66a2fdf389c8cba375bcaf8e4963b47
--- /dev/null
+++ b/config/certmanager/certificate.yaml
@@ -0,0 +1,53 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ app.kubernetes.io/name: certificate
+ app.kubernetes.io/instance: serving-cert
+ app.kubernetes.io/component: certificate
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: selfsigned-issuer
+ namespace: system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ app.kubernetes.io/name: certificate
+ app.kubernetes.io/instance: serving-cert
+ app.kubernetes.io/component: certificate
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: system
+spec:
+ # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+ dnsNames:
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9ed8178a21f9246048f84d6c373b98235dd81e15
--- /dev/null
+++ b/config/certmanager/kustomization.yaml
@@ -0,0 +1,19 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- certificate.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f5b004f5ac34e0af358591125e452dd7c5369646
--- /dev/null
+++ b/config/certmanager/kustomizeconfig.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This configuration is for teaching kustomize how to update name ref substitution
+nameReference:
+- kind: Issuer
+ group: cert-manager.io
+ fieldSpecs:
+ - kind: Certificate
+ group: cert-manager.io
+ path: spec/issuerRef/name
diff --git a/l2sm-api-resources/config/crd/bases/l2sm.l2sm.k8s.local_l2smnetworks.yaml b/config/crd/bases/l2sm.l2sm.k8s.local_l2networks.yaml
similarity index 80%
rename from l2sm-api-resources/config/crd/bases/l2sm.l2sm.k8s.local_l2smnetworks.yaml
rename to config/crd/bases/l2sm.l2sm.k8s.local_l2networks.yaml
index e1821f35b80dcb16f421ee31564408497c6395ae..d0ea7de301c3184e234205ddff4e8b3a21055b82 100644
--- a/l2sm-api-resources/config/crd/bases/l2sm.l2sm.k8s.local_l2smnetworks.yaml
+++ b/config/crd/bases/l2sm.l2sm.k8s.local_l2networks.yaml
@@ -1,34 +1,31 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
- name: l2smnetworks.l2sm.l2sm.k8s.local
+ name: l2networks.l2sm.l2sm.k8s.local
spec:
group: l2sm.l2sm.k8s.local
names:
- kind: L2SMNetwork
- listKind: L2SMNetworkList
- plural: l2smnetworks
- singular: l2smnetwork
+ kind: L2Network
+ listKind: L2NetworkList
+ plural: l2networks
+ singular: l2network
scope: Namespaced
versions:
- additionalPrinterColumns:
@@ -46,7 +43,7 @@ spec:
name: v1
schema:
openAPIV3Schema:
- description: L2SMNetwork is the Schema for the l2smnetworks API
+ description: L2Network is the Schema for the l2networks API
properties:
apiVersion:
description: |-
@@ -66,7 +63,7 @@ spec:
metadata:
type: object
spec:
- description: L2SMNetworkSpec defines the desired state of L2SMNetwork
+ description: L2NetworkSpec defines the desired state of L2Network
properties:
config:
description: Config is an optional field that is meant to be used
@@ -96,7 +93,7 @@ spec:
- type
type: object
status:
- description: L2SMNetworkStatus defines the observed state of L2SMNetwork
+ description: L2NetworkStatus defines the observed state of L2Network
properties:
connectedPods:
description: Existing Pods in the cluster, connected to the specific
@@ -124,7 +121,6 @@ spec:
- Unknown
type: string
required:
- - connectedPods
- internalConnectivity
type: object
type: object
diff --git a/config/crd/bases/l2sm.l2sm.k8s.local_networkedgedevices.yaml b/config/crd/bases/l2sm.l2sm.k8s.local_networkedgedevices.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..006ffbaf226c221b8f54958327591be62a4e7cd4
--- /dev/null
+++ b/config/crd/bases/l2sm.l2sm.k8s.local_networkedgedevices.yaml
@@ -0,0 +1,4611 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: networkedgedevices.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: NetworkEdgeDevice
+ listKind: NetworkEdgeDeviceList
+ plural: networkedgedevices
+ singular: networkedgedevice
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Availability status of the overlay
+ jsonPath: .status.availability
+ name: STATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: NetworkEdgeDevice is the Schema for the networkedgedevices API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NetworkEdgeDeviceSpec defines the desired state of NetworkEdgeDevice
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ nodeConfig:
+ description: Node Configuration
+ properties:
+ ipAddress:
+ type: string
+ nodeName:
+ type: string
+ required:
+ - ipAddress
+ - nodeName
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ required:
+ - networkController
+ - nodeConfig
+ - switchTemplate
+ type: object
+ status:
+ description: NetworkEdgeDeviceStatus defines the observed state of NetworkEdgeDevice
+ properties:
+ availability:
+ default: Unavailable
+ description: Status of the overlay. Is available when switches are
+ connected between them and with the network Controller.
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ openflowId:
+ type: string
+ required:
+ - availability
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/crd/bases/l2sm.l2sm.k8s.local_overlays.yaml b/config/crd/bases/l2sm.l2sm.k8s.local_overlays.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e2c5e8508943ddfca9e725952e5cbae98cb694ea
--- /dev/null
+++ b/config/crd/bases/l2sm.l2sm.k8s.local_overlays.yaml
@@ -0,0 +1,4603 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: overlays.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: Overlay
+ listKind: OverlayList
+ plural: overlays
+ singular: overlay
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: Overlay is the Schema for the overlays API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OverlaySpec defines the desired state of Overlay
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ topology:
+ description: |-
+ Topology represents the desired topology, it's represented by the 'Nodes' field, a list of nodes where the switches are going to be deployed and a list of bidirectional links,
+ selecting the nodes that are going to be linked.
+ properties:
+ links:
+ items:
+ properties:
+ endpointA:
+ type: string
+ endpointB:
+ type: string
+ required:
+ - endpointA
+ - endpointB
+ type: object
+ type: array
+ nodes:
+ items:
+ type: string
+ type: array
+ required:
+ - links
+ - nodes
+ type: object
+ required:
+ - networkController
+ - switchTemplate
+ type: object
+ status:
+ description: OverlayStatus defines the observed state of Overlay
+ properties:
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/l2sm-api-resources/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
similarity index 55%
rename from l2sm-api-resources/config/crd/kustomization.yaml
rename to config/crd/kustomization.yaml
index 6c0baec2c9de7b342e90d7d1c62f8272f963abcd..4d89c69443deec020089b94f7fa44bd09f1512b2 100644
--- a/l2sm-api-resources/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -1,36 +1,39 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
-- bases/l2sm.l2sm.k8s.local_l2smnetworks.yaml
+- bases/l2sm.l2sm.k8s.local_l2networks.yaml
+- bases/l2sm.l2sm.k8s.local_networkedgedevices.yaml
+- bases/l2sm.l2sm.k8s.local_overlays.yaml
#+kubebuilder:scaffold:crdkustomizeresource
patches:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
-#- path: patches/webhook_in_l2smnetworks.yaml
+#- path: patches/webhook_in_l2networks.yaml
+#- path: patches/webhook_in_networkedgedevices.yaml
+#- path: patches/webhook_in_overlays.yaml
#+kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
-#- path: patches/cainjection_in_l2smnetworks.yaml
+#- path: patches/cainjection_in_l2networks.yaml
+#- path: patches/cainjection_in_networkedgedevices.yaml
+#- path: patches/cainjection_in_overlays.yaml
#+kubebuilder:scaffold:crdkustomizecainjectionpatch
# [WEBHOOK] To enable webhook, uncomment the following section
diff --git a/l2sm-api-resources/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml
similarity index 53%
rename from l2sm-api-resources/config/crd/kustomizeconfig.yaml
rename to config/crd/kustomizeconfig.yaml
index c454e69cab1d4952baffc57f42430d331550e4ae..f852d1907b6ce67c08e86c704e18ee0de260d6f0 100644
--- a/l2sm-api-resources/config/crd/kustomizeconfig.yaml
+++ b/config/crd/kustomizeconfig.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..50bdc2f2c2a0e6dc8c8c95287341bc9c27993b0b
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,125 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Adds namespace to all resources.
+namespace: l2sm-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: l2sm-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+# pairs:
+# someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+- ../sdncontroller
+
+patches:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- path: manager_auth_proxy_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+- path: manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+- path: webhookcainjection_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+# Uncomment the following replacements to add the cert-manager CA injection annotations
+replacements:
+- source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldPath: .metadata.namespace # namespace of the certificate CR
+ targets:
+ - select:
+ kind: MutatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 0
+ create: true
+- source:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldPath: .metadata.name
+ targets:
+ - select:
+ kind: MutatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 1
+ create: true
+- source: # Add cert-manager annotation to the webhook Service
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldPath: .metadata.name # namespace of the service
+ targets:
+ - select:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ fieldPaths:
+ - .spec.dnsNames.0
+ - .spec.dnsNames.1
+ options:
+ delimiter: '.'
+ index: 0
+ create: true
+- source:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldPath: .metadata.namespace # namespace of the service
+ targets:
+ - select:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ fieldPaths:
+ - .spec.dnsNames.0
+ - .spec.dnsNames.1
+ options:
+ delimiter: '.'
+ index: 1
+ create: true
diff --git a/l2sm-api-resources/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
similarity index 68%
rename from l2sm-api-resources/config/default/manager_auth_proxy_patch.yaml
rename to config/default/manager_auth_proxy_patch.yaml
index 0bf403b8fe3d1b33b29c7e23ceb608435c6c791e..38276e4692ba8eb113367cb73d8976012dcdfdde 100644
--- a/l2sm-api-resources/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee4b75428fcd6d9066ee830c8739bb56eef4fde3
--- /dev/null
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,24 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0060c9064da216389bdaf68c52426388111b3938
--- /dev/null
+++ b/config/default/manager_webhook_patch.yaml
@@ -0,0 +1,37 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6e177fd2ec19b4ee09f953b2a5a9c44d6ac4882b
--- /dev/null
+++ b/config/default/webhookcainjection_patch.yaml
@@ -0,0 +1,48 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This patch add annotation to admission webhook config and
+# CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ labels:
+ app.kubernetes.io/name: mutatingwebhookconfiguration
+ app.kubernetes.io/instance: mutating-webhook-configuration
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+webhooks:
+ - name: mpod.kb.io
+ clientConfig:
+ service:
+ name: l2sm-webhook-service
+ namespace: default
+ path: /mutate-v1-pod
+ caBundle: ""
+ rules:
+ - operations: [ "CREATE", "UPDATE" ]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+ failurePolicy: Ignore
+ sideEffects: None
+ admissionReviewVersions: ["v1"]
+ objectSelector:
+ matchLabels:
+ l2sm: "true"
\ No newline at end of file
diff --git a/config/dev/kustomization.yaml b/config/dev/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5b65a642b0813388314dedcd4388700b1215189c
--- /dev/null
+++ b/config/dev/kustomization.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# # Adds namespace to all resources.
+#namespace: l2sm-system
+
+# # Value of this field is prepended to the
+# # names of all resources, e.g. a deployment named
+# # "wordpress" becomes "alices-wordpress".
+# # Note that it should also match with the prefix (text before '-') of the namespace
+# # field above.
+# namePrefix: l2sm-
+
+resources:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+- ../webhook
+- ../sdncontroller
+- ../tmp
+patches:
+- path: webhookcainjection_patch.yaml
+
diff --git a/config/dev/openssl.cnf b/config/dev/openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..73f4ad5b760d9ebab50749fc9d084ce914ad080c
--- /dev/null
+++ b/config/dev/openssl.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = 2048
+default_md = sha256
+default_keyfile = webhook.key
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+localityName = Locality Name (eg, city)
+localityName_default = San Francisco
+organizationName = Organization Name (eg, company)
+organizationName_default = My Company
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = webhook-server.local
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ v3_ca ]
+subjectAltName = @alt_names
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ alt_names ]
+IP.1 = 127.0.0.1
+IP.2 = 192.168.122.60
+DNS.1 = localhost
+DNS.2 = webhook-server.local
diff --git a/config/dev/serving-certs/tls.b64 b/config/dev/serving-certs/tls.b64
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/config/dev/serving-certs/tls.crt b/config/dev/serving-certs/tls.crt
new file mode 100644
index 0000000000000000000000000000000000000000..f4e016db796575cd108a0742c6898b154f29d2c4
--- /dev/null
+++ b/config/dev/serving-certs/tls.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiSgAwIBAgIUMWbe9ReCZbOx+ZrGxrrmnwLAEPQwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNbG9jYWwtd2ViaG9vazAeFw0yNDA2MDkxMTA2MTRaFw0y
+NTA2MDkxMTA2MTRaMBgxFjAUBgNVBAMMDWxvY2FsLXdlYmhvb2swggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT7Fk/xSQ7ABspQ1rBIV4d0elmvshkWSob
+Ga5+xgtnXkAD7XMj36Wb8IOCR8NfxVZs2PhMbiyKgkTOSfjpHj8veMEbbcSuBWsB
+WOMqlrZzvLiNFF31Hl5A//RDgzKe9RyhDMHsQ7fV9bYlsKECvUHWqhKTMVeSZTgH
+TYBX3FP2b2uRqR36Dy4iF5Qc49GpJFOCKY3qk87p/3NKgemCRbripuzsXyzmS5pl
+Zt4yk4KOAil5/hwWPiQJDhun5onO7nRX7xgi3BbkFIW5kvqdtUOHk+PvHAZ+fot7
+IQBpLs/GAdqR46/kfMBN8wFeF5Hn1u9JLMT9UxbCNy6ztijFqmCbAgMBAAGjfjB8
+MDYGA1UdEQQvMC2HBH8AAAGHBAoAAgSCCWxvY2FsaG9zdIIUd2ViaG9vay1zZXJ2
+ZXIubG9jYWwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G
+A1UdDgQWBBRBfDw/L2GiRscpR4sQvRjOoUV/MDANBgkqhkiG9w0BAQsFAAOCAQEA
+WunQMC+EqvCrN6cGGkyIenNw3V1SVAneuvcTIoWxsRFINI2ubRBWDe5ZxkDLvJKH
+ou8Yq9jyxJehxGkr8yoIoYaDqEo4YBlmQSm7TJ34N5kVJGoy/GrZ/IwMtjA/6QMQ
+CjCXwAC4KmNfpEk6y3qcjxZcGQE+YRuIbms4YKPiDmR0duY+umMJAzDmqliGXThe
+rnoeweOz+koIHYSx8g9ZApg51rc0EoNyqoxcwTV7Q0BTtGB9DQUxbRyZZNLaOr6r
+BfR00zg7tIKmIe2wXEVREkDGPoOY+F6nPcYEYdMyepODaRKsvj8x0/ghbf60nu7H
+4JwUiMr6JP0LSHNDXbgWPQ==
+-----END CERTIFICATE-----
diff --git a/config/dev/serving-certs/tls.key b/config/dev/serving-certs/tls.key
new file mode 100644
index 0000000000000000000000000000000000000000..58f680d9f0576d455d02471d003a910ba523e9ef
--- /dev/null
+++ b/config/dev/serving-certs/tls.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCT7Fk/xSQ7ABsp
+Q1rBIV4d0elmvshkWSobGa5+xgtnXkAD7XMj36Wb8IOCR8NfxVZs2PhMbiyKgkTO
+SfjpHj8veMEbbcSuBWsBWOMqlrZzvLiNFF31Hl5A//RDgzKe9RyhDMHsQ7fV9bYl
+sKECvUHWqhKTMVeSZTgHTYBX3FP2b2uRqR36Dy4iF5Qc49GpJFOCKY3qk87p/3NK
+gemCRbripuzsXyzmS5plZt4yk4KOAil5/hwWPiQJDhun5onO7nRX7xgi3BbkFIW5
+kvqdtUOHk+PvHAZ+fot7IQBpLs/GAdqR46/kfMBN8wFeF5Hn1u9JLMT9UxbCNy6z
+tijFqmCbAgMBAAECggEARo+xqyfBNpvAWRiWDBZ8rMDbE3XiZWvbF/5SLIsQGYju
+BHGaQPyIJTC/qr/MxLx/k4CUQPE1MgUeCUFkCN+yyFRT2V+tOE3BU20xP7mQ4vid
+GD8k6q5Hy73MqP/Gf+jwdSp+vtM2uEtzTdtJkuLwqxOJtMkOuvipl2Iy3LZvHtgh
+pdPYMp6wb0j/QDjaLCKw/7WosGcLLmAnBZAe+I7J2xDwirZTQYfVVqYTgaoh1UFX
+YpHWJ7oc/2vxWJA7K4m+rjx76X02eC/FkJYSlHJz8+IddRq29HVxHeS/mj4LLAvD
+Zh2LU0rZLjXtYepevZ8jSBfrCauUg8opCqOKTMxQwQKBgQDLNZE/qIr1H8s5M+OK
+KAmhfHoM6ZoKFcGx8YAn8sVfLqbu6iC6E0/uIvNRGbVhL3ZJCjPBBOlV3l6h2oth
+HKDsCkGoWMUsVDOgM1i/n6wt2H0DL4771NyuabRprUSD745kbiVBjGUklMdSGDOV
+TpFPMxM7bGrmhf0RnUJlaCkHawKBgQC6WfwTQ4XNfVDe+FRsvThDpkeurkU5cXCh
+HmG1b3wlUF4q0i9EQ3TPy5Y0gyEWJ9XRG52KVlxyorGQ25uweDhSTmeqmhwoT5gR
+Ip8GlFNFv/EEny/q4ViTpvhcPbpUqiASGwXw0YgR9jOIbSZkmOVysZBEOedNcR8Z
+l7urhDvHkQKBgHIO+h0CDCT0GIxd/JyCRo2Woab3w5dfiN3JEMbbdD8tn1NApOfs
+iRPAGFRwGqeXDUyH5m6zxAiHjRRJ56u1dvml9B563Qk5pdSInYrJI8qD1f9gxV/C
+pa9b84DRWUC4yHLEhDLbi7XRsGL65JEsjVEn+OaEvyfvExG89BSZN1ZLAoGAIZ2F
+2Tu+8Th/1BjbsdnYQmvGVn5dQmVyOb4vRflcXabHtdXAbQH2Gl3RNJvK5iI9ccEX
+hBLcDlnGyiizRvwIvOAj1ySBm8vv1Hd4VEmBU/2xznGgxS/tOIVQG+OOryMZMerq
+AWzqrMLKvPtjh5YFHdFmAsinLtMPFyDF28S4u+ECgYBO8U9WhdBM5TSocmoH6al5
+OT9FgdhKi5BDDjvR/kZ4o0qP4Ku2xbWWK851UCvyk9CDRG3CPCcRYBOuZyZ8CwZS
+tdZH2AdiZekmcD4wOJqbzYNu6PL60RVSsCKJhyk4gBtAZrsFYZ/aAkG2GpEYKrno
+NBOcK40GdpwmjpUhhbEsvw==
+-----END PRIVATE KEY-----
diff --git a/config/dev/webhookcainjection_patch.yaml b/config/dev/webhookcainjection_patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0f98e68e16fdfc182efaf7404f3f4e9f1d1d6dfe
--- /dev/null
+++ b/config/dev/webhookcainjection_patch.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ labels:
+ app.kubernetes.io/name: mutatingwebhookconfiguration
+ app.kubernetes.io/instance: mutating-webhook-configuration
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: mutating-webhook-configuration
+webhooks:
+ - name: mpod.kb.io
+ clientConfig:
+ url: https://192.168.122.60:9443/mutate-v1-pod
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIVENDQWdXZ0F3SUJBZ0lVS1B3bFFOc0RrOTc2Uk5NMGRVQ2l4c2dxNk5Fd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dERVdNQlFHQTFVRUF3d05iRzlqWVd3dGQyVmlhRzl2YXpBZUZ3MHlOREV3TURNd05ESXdOREJhRncweQpOVEV3TURNd05ESXdOREJhTUJneEZqQVVCZ05WQkFNTURXeHZZMkZzTFhkbFltaHZiMnN3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM4aDQ5S0Y0Y0hvS1dDVVU2ZmdJdXdvWXNvVm1mZkFSRjYKYVF1ZHlCektZaVRaNUxlYUZjUlp6dmg0U2RLZllhQmI5ZW9RU1hsUUhWU3lXVjN2MWFrRWRpcWxiWXJpRzhRLwp0UWFIZHpZT05rcEc0aHQyRW04cDN5Q08vTkhlRHNtZ3JBQ1pYWEFxNDFuai9qcHFQd2xDUkdwQk9Sa3dTeXZZCjJmUWM3Z1pKbFY3ZmUzbE9LcTA1UzFYSElqdU9zbnArMHdqa1I1VnIyQ1J3a0ZGYkIvTnBRRnZtbWhwQWJQNEIKYmJlT0Q5Y1FCakVPWjN5aVlJQWZ5RVp0MEIyZUo5S1EzUlcrbTFlSHFYSnFEakhrVXlpZUZuRE5hdzdCMXpjTwo1bGcxVGxZQWRxNWZoV21KTlBZbjNjdWtvS0tKL2xiQk80Z2pjL3AzY2tnY3VMWGMydlRYQWdNQkFBR2pYekJkCk1EWUdBMVVkRVFRdk1DMkhCSDhBQUFHSEJNQ29lanlDQ1d4dlkyRnNhRzl6ZElJVWQyVmlhRzl2YXkxelpYSjIKWlhJdWJHOWpZV3d3RGdZRFZSMFBBUUgvQkFRREFnV2dNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ3kwNlZGOEgzMG5vVVpwSW9STWQwSG5NRzA3aHdpNzZOU1hvZFZjN1E4CndHR09qR3h5czZ6M0NJQmEySEp2M0VRUWhzajEvN0VrM1EyVUorRWlweDNpNTlocDNRYWw2SzFvdzFXRlowNEEKTHh0Mm03eCs4Nmh3Q2NaWGpDNmVNdnhORTFEUmJuRnJTRElaR044akNtZHN2WjdqOXUrSUV0cVEwSWNML3AzWgpIdHJoc0ZzTU5BdnU2MDRZSmhPdTlid1NoOVNNQlo1bHcwOTRJU2Z4NDdFVXQzM1F2UXZWMkVncDNoa2lWR1A2Ci91YnhXWWpJQzd3Zk9wZ0dsc2tEZ1RUSnlZTWM1WEI2UlAwaWdZdGhoWlpNVWhtV1g1VEpKZWV5c2RLa0oyMkEKRkptZ1c5em1kNHVlb05IM0JPcjZlK3YyVlhHcUxuME54RlFXaUl2NUsyRFMKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ rules:
+ - operations: [ "CREATE", "UPDATE" ]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+ failurePolicy: Ignore
+ sideEffects: None
+ admissionReviewVersions: ["v1"]
+ objectSelector:
+ matchLabels:
+ l2sm: "true"
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..aaf2697b620f746e34ee021ffdf017fc6ba22f15
--- /dev/null
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: alexdecb/l2sm-controller-manager
+ newTag: 2.7.1
diff --git a/l2sm-api-resources/config/manager/manager.yaml b/config/manager/manager.yaml
similarity index 81%
rename from l2sm-api-resources/config/manager/manager.yaml
rename to config/manager/manager.yaml
index d93867fa21dd64a891d41057a5433ed9cafffaa2..40b53d310fa2898a804d5d7d75cc5716c271af5a 100644
--- a/l2sm-api-resources/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
apiVersion: v1
kind: Namespace
metadata:
@@ -23,8 +20,8 @@ metadata:
app.kubernetes.io/name: namespace
app.kubernetes.io/instance: system
app.kubernetes.io/component: manager
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
app.kubernetes.io/managed-by: kustomize
name: system
---
@@ -38,8 +35,8 @@ metadata:
app.kubernetes.io/name: deployment
app.kubernetes.io/instance: controller-manager
app.kubernetes.io/component: manager
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
app.kubernetes.io/managed-by: kustomize
spec:
selector:
@@ -87,6 +84,13 @@ spec:
- /manager
args:
- --leader-elect
+ env:
+ - name: CONTROLLER_IP
+ value: l2sm-controller-service.l2sm-system.svc.cluster.local
+ - name: CONTROLLER_PORT
+ value: "8181"
+ - name: SWITCHES_NAMESPACE
+ value: "l2sm-system"
image: controller:latest
name: manager
securityContext:
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..dc2d0e522e80eb02485ccce356c2c02be07eee0e
--- /dev/null
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,16 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- monitor.yaml
diff --git a/l2sm-api-resources/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
similarity index 55%
rename from l2sm-api-resources/config/prometheus/monitor.yaml
rename to config/prometheus/monitor.yaml
index 4de9492f7ffd8369b7478169cf5e4db2f887a82b..d92d95fd139a1565d51cca400a1ae333f54d37dc 100644
--- a/l2sm-api-resources/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
@@ -24,8 +21,8 @@ metadata:
app.kubernetes.io/name: servicemonitor
app.kubernetes.io/instance: controller-manager-metrics-monitor
app.kubernetes.io/component: metrics
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
app.kubernetes.io/managed-by: kustomize
name: controller-manager-metrics-monitor
namespace: system
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e937328c87f37fae7255807654a97c686187bf93
--- /dev/null
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,30 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..872af579c39474c75a33c56ed84c40ba920e3aa3
--- /dev/null
+++ b/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,38 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: proxy-role
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a5212a15bbb1c170d8e78aab37b675bc83915cb5
--- /dev/null
+++ b/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: proxy-rolebinding
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..23237ce4d4aeeb597e02f19dee1a2dff8ee8bd9a
--- /dev/null
+++ b/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,35 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: service
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/l2sm-api-resources/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
similarity index 59%
rename from l2sm-api-resources/config/rbac/kustomization.yaml
rename to config/rbac/kustomization.yaml
index cf638a136cbf7210088cae3f8b20c46cc661fae5..ea304e19dcaf3742ceb42c8eb094933553125375 100644
--- a/l2sm-api-resources/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
resources:
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
diff --git a/config/rbac/l2overlay_editor_role.yaml b/config/rbac/l2overlay_editor_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7773329fc8fb3c1d721bfcddacb7d88579136546
--- /dev/null
+++ b/config/rbac/l2overlay_editor_role.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to edit networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: networkedgedevice-editor-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: networkedgedevice-editor-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
diff --git a/config/rbac/l2smmdnoverlay_viewer_role.yaml b/config/rbac/l2smmdnoverlay_viewer_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b34c34f95673a66c20dc0c53916c49f60d55fc93
--- /dev/null
+++ b/config/rbac/l2smmdnoverlay_viewer_role.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: networkedgedevice-viewer-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: networkedgedevice-viewer-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
diff --git a/config/rbac/l2smnetwork_editor_role.yaml b/config/rbac/l2smnetwork_editor_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cf921ffa83295a257f49320d20a7b46062bc47cd
--- /dev/null
+++ b/config/rbac/l2smnetwork_editor_role.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to edit l2networks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: l2network-editor-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: l2network-editor-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/status
+ verbs:
+ - get
diff --git a/config/rbac/l2smnetwork_viewer_role.yaml b/config/rbac/l2smnetwork_viewer_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8995b662782db6912f65847ac07ac839e0beacb0
--- /dev/null
+++ b/config/rbac/l2smnetwork_viewer_role.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view l2networks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: l2network-viewer-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: l2network-viewer-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/status
+ verbs:
+ - get
diff --git a/config/rbac/l2smoverlay_viewer_role.yaml b/config/rbac/l2smoverlay_viewer_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b34c34f95673a66c20dc0c53916c49f60d55fc93
--- /dev/null
+++ b/config/rbac/l2smoverlay_viewer_role.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: networkedgedevice-viewer-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: networkedgedevice-viewer-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
diff --git a/l2sm-api-resources/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
similarity index 55%
rename from l2sm-api-resources/config/rbac/leader_election_role.yaml
rename to config/rbac/leader_election_role.yaml
index 91b79d4290d48da782e966282ff4251eccfb6f40..b49417f24eed7c967a4c0d222e666f3b25c6e40d 100644
--- a/l2sm-api-resources/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -1,20 +1,17 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -23,8 +20,8 @@ metadata:
app.kubernetes.io/name: role
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
app.kubernetes.io/managed-by: kustomize
name: leader-election-role
rules:
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c6efb60f73d08c8bc6c14521ae24db98720a5135
--- /dev/null
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/overlay_editor_role.yaml b/config/rbac/overlay_editor_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f43697b824f8e24cb105022d4c5c8d2100b6ecd5
--- /dev/null
+++ b/config/rbac/overlay_editor_role.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to edit overlays.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: overlay-editor-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: overlay-editor-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/status
+ verbs:
+ - get
diff --git a/config/rbac/overlay_viewer_role.yaml b/config/rbac/overlay_viewer_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c2e992a3f8bfe5fc8055d91e3cdac222b1aa5c8d
--- /dev/null
+++ b/config/rbac/overlay_viewer_role.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view overlays.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: overlay-viewer-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: overlay-viewer-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/status
+ verbs:
+ - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..41f6e90320c7937247a52bc7789dc86e76d0b484
--- /dev/null
+++ b/config/rbac/role.yaml
@@ -0,0 +1,148 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..266ef5908ae3dec107804471d2b2edc5c06a58cb
--- /dev/null
+++ b/config/rbac/role_binding.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1791cb2a53dc58c259e71c0e7eab9050763b9fca
--- /dev/null
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,26 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/part-of: l2network
+ app.kubernetes.io/managed-by: kustomize
+ name: controller-manager
+ namespace: system
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8d15b7be5c9842724d65bc7f17473cdf3f80a256
--- /dev/null
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,21 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Append samples of your project ##
+resources:
+- l2sm_v1_l2network.yaml
+- l2sm_v1_networkedgedevice.yaml
+- l2sm_v1_networkedgedevice.yaml
+- l2sm_v1_overlay.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/l2sm_v1_l2network.yaml b/config/samples/l2sm_v1_l2network.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..909e43368b7e6e0c8562ab50f71e1c21292dea3b
--- /dev/null
+++ b/config/samples/l2sm_v1_l2network.yaml
@@ -0,0 +1,23 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: ping-network
+spec:
+ type: vnet
+ provider:
+ name: example-network-controller
+ domain: "192.168.122.60:8181"
diff --git a/config/samples/l2sm_v1_networkedgedevice.yaml b/config/samples/l2sm_v1_networkedgedevice.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6be3cca2e0139b7206a371305ffb893637c945c6
--- /dev/null
+++ b/config/samples/l2sm_v1_networkedgedevice.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: NetworkEdgeDevice
+metadata:
+ name: example-networkedgedevice
+ labels:
+ app: l2sm
+spec:
+ networkController:
+ name: example-network-controller
+ domain: 192.168.122.60
+ nodeConfig:
+ nodeName: ant-machine
+ ipAddress: 192.168.122.60
+ neighbors:
+ - node: tucci
+ domain: 192.168.122.244
+ switchTemplate:
+ spec:
+ hostNetwork: true
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-ned:2.7.1
+ resources: {}
+ # command: ["/bin/sh"]
+ # args: ["-c", "sleep infinity"]
+ #imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
diff --git a/config/samples/l2sm_v1_overlay.yaml b/config/samples/l2sm_v1_overlay.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8df97f3501fb0d79cf2e0bb5d5ca6f9e52169761
--- /dev/null
+++ b/config/samples/l2sm_v1_overlay.yaml
@@ -0,0 +1,60 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: Overlay
+metadata:
+ labels:
+ app.kubernetes.io/name: overlay
+ app.kubernetes.io/instance: overlay-sample
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: controllermanager
+ name: overlay-sample
+spec:
+ networkController:
+ name: example-network-controller
+ domain: controller.example.com
+ topology:
+ nodes:
+ - ant-machine
+ - mole
+ links:
+ - endpointA: ant-machine
+ endpointB: mole
+ switchTemplate:
+ spec:
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-switch:2.7
+ resources: {}
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: NVETHS
+ value: "10"
+ - name: CONTROLLERIP
+ value: "l2sm-controller-service"
+ - name: PODNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ ports:
+ - containerPort: 80
diff --git a/config/sdncontroller/kustomization.yaml b/config/sdncontroller/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5350348f53f5e2a759a32e05e5539d226e2b18f9
--- /dev/null
+++ b/config/sdncontroller/kustomization.yaml
@@ -0,0 +1,17 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- manifests.yaml
+- service.yaml
\ No newline at end of file
diff --git a/config/sdncontroller/manifests.yaml b/config/sdncontroller/manifests.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bdea6e334f7cbd6cf752be1110f5bc214e7b7738
--- /dev/null
+++ b/config/sdncontroller/manifests.yaml
@@ -0,0 +1,41 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: controller
+ template:
+ metadata:
+ labels:
+ app: controller
+ spec:
+ containers:
+ - name: l2sm-controller
+ image: alexdecb/l2sm-controller:2.4
+ readinessProbe:
+ httpGet:
+ path: /onos/ui
+ port: 8181
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ ports:
+ - containerPort: 6633
+ - containerPort: 8181
+ # imagePullPolicy: Always
diff --git a/config/sdncontroller/service.yaml b/config/sdncontroller/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d02598210ae1ebaf389a48b06505b971233525fd
--- /dev/null
+++ b/config/sdncontroller/service.yaml
@@ -0,0 +1,31 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: controller-service
+spec:
+ selector:
+ app: controller
+ ports:
+ - name: of13-port
+ protocol: TCP
+ port: 6633
+ targetPort: 6633
+ - name: http-port
+ protocol: TCP
+ port: 8181
+ targetPort: 8181
+ type: ClusterIP
diff --git a/config/tmp/kustomization.yaml b/config/tmp/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a9303b4e2868f4d48ea3d24697ac067455f38c81
--- /dev/null
+++ b/config/tmp/kustomization.yaml
@@ -0,0 +1,26 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+namespace: l2sm-system
+resources:
+- vhost1.yaml
+- vhost2.yaml
+- vhost3.yaml
+- vhost4.yaml
+- vhost5.yaml
+- vhost6.yaml
+- vhost7.yaml
+- vhost8.yaml
+- vhost9.yaml
+- vhost10.yaml
\ No newline at end of file
diff --git a/config/tmp/vhost1.yaml b/config/tmp/vhost1.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1d2e76dfa7d566c0347a6f15d36b2eb055cda9c5
--- /dev/null
+++ b/config/tmp/vhost1.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth1
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br1",
+ "mtu": 1400,
+ "device": "veth1",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost10.yaml b/config/tmp/vhost10.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ba43d7f0e6068e479dbca36944752018b48038d4
--- /dev/null
+++ b/config/tmp/vhost10.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth10
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br10",
+ "mtu": 1400,
+ "device": "veth10",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost2.yaml b/config/tmp/vhost2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..49d690aaf65c0c01e2b8a923b80a0754d9a2333d
--- /dev/null
+++ b/config/tmp/vhost2.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth2
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br2",
+ "mtu": 1400,
+ "device": "veth2",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost3.yaml b/config/tmp/vhost3.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..32231b49fd7f0daf55ba8e56a8910f6d28f2a7ab
--- /dev/null
+++ b/config/tmp/vhost3.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth3
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br3",
+ "mtu": 1400,
+ "device": "veth3",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost4.yaml b/config/tmp/vhost4.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8738478693fb2a9429be0f5840e08f7ee589ce59
--- /dev/null
+++ b/config/tmp/vhost4.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth4
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br4",
+ "mtu": 1400,
+ "device": "veth4",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost5.yaml b/config/tmp/vhost5.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..44c449efb3520a3ffc668f9eca6dd75dd2332ae3
--- /dev/null
+++ b/config/tmp/vhost5.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth5
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br5",
+ "mtu": 1400,
+ "device": "veth5",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost6.yaml b/config/tmp/vhost6.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4deed49f2cd1c69b82c10bb196a7531e120cee7f
--- /dev/null
+++ b/config/tmp/vhost6.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth6
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br6",
+ "mtu": 1400,
+ "device": "veth6",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost7.yaml b/config/tmp/vhost7.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b5e2022e5fa06a64b6b668d48490ced53554bdc2
--- /dev/null
+++ b/config/tmp/vhost7.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth7
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br7",
+ "mtu": 1400,
+ "device": "veth7",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost8.yaml b/config/tmp/vhost8.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b05b60f32c13c32b2e1f478d58e9730e8ea58e29
--- /dev/null
+++ b/config/tmp/vhost8.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth8
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br8",
+ "mtu": 1400,
+ "device": "veth8",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/tmp/vhost9.yaml b/config/tmp/vhost9.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6e9f2777d6d93ebcc6ab282e67ae4f9b61f8c962
--- /dev/null
+++ b/config/tmp/vhost9.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth9
+ labels:
+ app: l2sm
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br9",
+ "mtu": 1400,
+ "device": "veth9",
+ "ipam": {
+ "type":"static"
+ }
+ }'
diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..68193e6a4bbd7ad41a18551951a2a96576c99feb
--- /dev/null
+++ b/config/webhook/kustomization.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- manifests.yaml
+- service.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e9f56f8fca4585cbc72b0e8b16dbf9c56fc2bfb1
--- /dev/null
+++ b/config/webhook/kustomizeconfig.yaml
@@ -0,0 +1,28 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# the following config is for teaching kustomize where to look at when substituting nameReference.
+# It requires kustomize v2.1.0 or newer to work properly.
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+namespace:
+- kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
\ No newline at end of file
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eaefcbf71e73b427214f71c70dbaf8afc1a73d83
--- /dev/null
+++ b/config/webhook/manifests.yaml
@@ -0,0 +1,19 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4f4940d147a976c8dee2a666d64ab373934a6887
--- /dev/null
+++ b/config/webhook/service.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: service
+ app.kubernetes.io/instance: webhook-service
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/part-of: controllermanager
+ app.kubernetes.io/managed-by: kustomize
+ name: webhook-service
+ namespace: l2sm-system
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
diff --git a/deployments/README.md b/deployments/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..10576e689dadece88702182c84b1c3f014a8403d
--- /dev/null
+++ b/deployments/README.md
@@ -0,0 +1,40 @@
+# L2S-M Installation Guide
+This guide details the necessary steps to install the L2S-M Kubernetes operator to create and manage virtual networks in your Kubernetes cluster.
+
+
+# Prerequisites
+
+1. Clone the L2S-M repository in your host. This guide will assume that all commands are executed within the L2S-M directory.
+
+2. Install the Multus CNI Plugin in your K8s cluster. For more information on how to install Multus in your cluster, check their [official GitHub repository](https://github.com/k8snetworkplumbingwg/multus-cni).
+
+3. Install the Cert-Manager in your K8s cluster. For more information on how to install Cert-Manager in your cluster, check their official installation guide.
+
+4. The host-device CNI plugin must be able to be used in your cluster. If it is not present in your K8s distribution, you can find how to install it in your K8s cluster in their [official GitHub repository](https://github.com/containernetworking/plugins).
+
+5. Make sure that packages are forwarded by default: `sudo iptables -P FORWARD ACCEPT`
+
+## Install L2S-M
+
+Installing L2S-M can be done by using a single command:
+
+```bash
+kubectl create -f ./deployments/l2sm-deployment.yaml
+```
+
+The installation will take around a minute to finish, and to check that everyting is running properly, you may run the following command:
+
+```bash
+kubectl get pods -o wide -n l2sm-system
+```
+
+Which should give you an output like this:
+
+```bash
+NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
+l2sm-controller-56b45487b7-nglns 1/1 Running 0 129m 10.1.72.72 l2sm2 <none> <none>
+l2sm-controller-manager-7794c5f66d-b9nsf 2/2 Running 0 119m 10.1.14.45 l2sm1 <none> <none>
+```
+
+
+After the installation, you can start using L2S-M. The first thing you want to do is to create an overlay topology, that will be the basis of the virtual network creations, but don't worry! Check out the [overlay setup guide](../examples/overlay-setup/) for more information.
\ No newline at end of file
diff --git a/deployments/l2sm-deployment.yaml b/deployments/l2sm-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c492519edcd62e79c64b72afad4c68ecdc3a4576
--- /dev/null
+++ b/deployments/l2sm-deployment.yaml
@@ -0,0 +1,10004 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: system
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: namespace
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: l2networks.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: L2Network
+ listKind: L2NetworkList
+ plural: l2networks
+ singular: l2network
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Internal SDN Controller Connectivity
+ jsonPath: .status.internalConnectivity
+ name: AVAILABILITY
+ type: string
+ - description: Internal SDN Controller Connectivity
+ jsonPath: .status.connectedPods
+ name: CONNECTED_PODS
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: L2Network is the Schema for the l2networks API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: L2NetworkSpec defines the desired state of L2Network
+ properties:
+ config:
+ description: Config is an optional field that is meant to be used
+ as additional configuration depending on the type of network. Check
+ each type of network for specific configuration definitions.
+ type: string
+ provider:
+ description: Provider is an optional field representing a provider
+ spec. Check the provider spec definition for more details
+ properties:
+ domain:
+ type: string
+ name:
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ type:
+ description: NetworkType represents the type of network being configured.
+ enum:
+ - ext-vnet
+ - vnet
+ - vlink
+ type: string
+ required:
+ - type
+ type: object
+ status:
+ description: L2NetworkStatus defines the observed state of L2Network
+ properties:
+ connectedPods:
+ description: Existing Pods in the cluster, connected to the specific
+ network
+ items:
+ type: string
+ type: array
+ internalConnectivity:
+ default: Unavailable
+ description: Status of the connectivity to the internal SDN Controller.
+ If there is no connection, internal l2sm-switches won't forward
+ traffic
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ providerConnectivity:
+ description: Status of the connectivity to the external provider SDN
+ Controller. If there is no connectivity, the exisitng l2sm-ned in
+ the cluster won't forward packages to the external clusters.
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ required:
+ - internalConnectivity
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: networkedgedevices.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: NetworkEdgeDevice
+ listKind: NetworkEdgeDeviceList
+ plural: networkedgedevices
+ singular: networkedgedevice
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Availability status of the overlay
+ jsonPath: .status.availability
+ name: STATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: NetworkEdgeDevice is the Schema for the networkedgedevices API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NetworkEdgeDeviceSpec defines the desired state of NetworkEdgeDevice
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ nodeConfig:
+ description: Node Configuration
+ properties:
+ ipAddress:
+ type: string
+ nodeName:
+ type: string
+ required:
+ - ipAddress
+ - nodeName
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ required:
+ - networkController
+ - nodeConfig
+ - switchTemplate
+ type: object
+ status:
+ description: NetworkEdgeDeviceStatus defines the observed state of NetworkEdgeDevice
+ properties:
+ availability:
+ default: Unavailable
+ description: Status of the overlay. Is available when switches are
+ connected between them and with the network Controller.
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ openflowId:
+ type: string
+ required:
+ - availability
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: overlays.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: Overlay
+ listKind: OverlayList
+ plural: overlays
+ singular: overlay
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: Overlay is the Schema for the overlays API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OverlaySpec defines the desired state of Overlay
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ topology:
+ description: |-
+ Topology represents the desired topology, it's represented by the 'Nodes' field, a list of nodes where the switches are going to be deployed and a list of bidirectional links,
+ selecting the nodes that are going to be linked.
+ properties:
+ links:
+ items:
+ properties:
+ endpointA:
+ type: string
+ endpointB:
+ type: string
+ required:
+ - endpointA
+ - endpointB
+ type: object
+ type: array
+ nodes:
+ items:
+ type: string
+ type: array
+ required:
+ - links
+ - nodes
+ type: object
+ required:
+ - networkController
+ - switchTemplate
+ type: object
+ status:
+ description: OverlayStatus defines the observed state of Overlay
+ properties:
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-leader-election-role
+ namespace: l2sm-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: l2sm-manager-role
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: proxy-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-leader-election-rolebinding
+ namespace: l2sm-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: l2sm-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: l2sm-manager-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: proxy-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: l2sm-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-controller-manager-metrics-service
+ namespace: l2sm-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: l2sm-controller-service
+ namespace: l2sm-system
+spec:
+ ports:
+ - name: of13-port
+ port: 6633
+ protocol: TCP
+ targetPort: 6633
+ - name: http-port
+ port: 8181
+ protocol: TCP
+ targetPort: 8181
+ selector:
+ app: controller
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/instance: webhook-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: controllermanager
+ name: l2sm-webhook-service
+ namespace: l2sm-system
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: l2sm-controller
+ namespace: l2sm-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: controller
+ template:
+ metadata:
+ labels:
+ app: controller
+ spec:
+ containers:
+ - image: alexdecb/l2sm-controller:2.4
+ name: l2sm-controller
+ ports:
+ - containerPort: 6633
+ - containerPort: 8181
+ readinessProbe:
+ httpGet:
+ path: /onos/ui
+ port: 8181
+ initialDelaySeconds: 30
+ periodSeconds: 10
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: deployment
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ env:
+ - name: CONTROLLER_IP
+ value: l2sm-controller-service.l2sm-system.svc.cluster.local
+ - name: CONTROLLER_PORT
+ value: "8181"
+ - name: SWITCHES_NAMESPACE
+ value: l2sm-system
+ image: alexdecb/l2sm-controller-manager:2.7.1
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: l2sm-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ app.kubernetes.io/component: certificate
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/instance: serving-cert
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: certificate
+ app.kubernetes.io/part-of: controllermanager
+ name: l2sm-serving-cert
+ namespace: l2sm-system
+spec:
+ dnsNames:
+ - l2sm-webhook-service.l2sm-system.svc
+ - l2sm-webhook-service.l2sm-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: l2sm-selfsigned-issuer
+ secretName: webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ app.kubernetes.io/component: certificate
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/instance: serving-cert
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: certificate
+ app.kubernetes.io/part-of: controllermanager
+ name: l2sm-selfsigned-issuer
+ namespace: l2sm-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: l2sm-system/l2sm-serving-cert
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: controllermanager
+ app.kubernetes.io/instance: mutating-webhook-configuration
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: mutatingwebhookconfiguration
+ app.kubernetes.io/part-of: controllermanager
+ name: l2sm-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ caBundle: ""
+ service:
+ name: l2sm-webhook-service
+ namespace: l2sm-system
+ path: /mutate-v1-pod
+ failurePolicy: Ignore
+ name: mpod.kb.io
+ objectSelector:
+ matchLabels:
+ l2sm: "true"
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+ sideEffects: None
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth1
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br1", "mtu": 1400,
+ "device": "veth1", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth10
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br10", "mtu": 1400,
+ "device": "veth10", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth2
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br2", "mtu": 1400,
+ "device": "veth2", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth3
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br3", "mtu": 1400,
+ "device": "veth3", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth4
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br4", "mtu": 1400,
+ "device": "veth4", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth5
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br5", "mtu": 1400,
+ "device": "veth5", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth6
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br6", "mtu": 1400,
+ "device": "veth6", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth7
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br7", "mtu": 1400,
+ "device": "veth7", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth8
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br8", "mtu": 1400,
+ "device": "veth8", "ipam": { "type":"static" } }'
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ labels:
+ app: l2sm
+ name: veth9
+ namespace: l2sm-system
+spec:
+ config: '{ "cniVersion": "0.3.0", "type": "bridge", "bridge": "br9", "mtu": 1400,
+ "device": "veth9", "ipam": { "type":"static" } }'
diff --git a/L2S-M core/examples/README.md b/examples/README.md
similarity index 60%
rename from L2S-M core/examples/README.md
rename to examples/README.md
index ba441ed2a9ae4ba72be14974976cf7a67b93e543..11b35a2cc334c1423e513cd5e6c7400ec2efdb9f 100644
--- a/L2S-M core/examples/README.md
+++ b/examples/README.md
@@ -1,21 +1,3 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
# L2S-M examples
This section of L2S-M documentation provides examples that you can use in order to learn how to create virtual networks and attach pods to them.
diff --git a/L2S-M core/examples/cdn/README.md b/examples/cdn/README.md
similarity index 86%
rename from L2S-M core/examples/cdn/README.md
rename to examples/cdn/README.md
index 6fa646c9de3fa875a5f5aa9b1259999008ab0849..aeb68f1e552d2fd097cd70c7505397b886a4c0cd 100644
--- a/L2S-M core/examples/cdn/README.md
+++ b/examples/cdn/README.md
@@ -1,26 +1,12 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
# Example: Isolating an NGINX server from a CDN with Custom L2SM networks
## Overview
This example demonstrates the isolation of traffic between pods using custom networks with L2S-M. In this scenario, two networks, v-network-1 and v-network-2, are created, and three pods (cdn-server, router, and content-server) are connected. The objective is to showcase how traffic can be isolated through a router connecting the two networks.
+## Pre-requisites
+
+In order to get this example moving, it's required to have L2S-M installed alongside an overlay topology deployed. You can learn how to do so in [the overlay example section](../overlay-setup).
+
## Topology
This example can be seen in action [in the screencast provided](#procedure), where it's presented a Cluster scenario with three nodes, where a Pod will be deployed in each Node, as shown in the following figure:
@@ -28,6 +14,7 @@ This example can be seen in action [in the screencast provided](#procedure), whe
<img src="../../assets/video-server-example.svg" width="400">
</p>
+
The following example doesn't really need a three Node scenario, it can be used with just a Node in the Cluster. Through the example guide, we will create the following resources:
### Networks
@@ -57,6 +44,8 @@ Note: The configurations specified can be seen in each Pod YAML specification.
- IP: 10.0.2.2
- Network: v-network-2
+
+It's required to specify which node you want to schedule your pod in, in order to do so, change the "NodeName" field inside the yaml files.
## Procedure
Follow the steps below to demonstrate the isolation of traffic between pods using custom networks with L2S-M. You can watch a screencast of how this operates and how it should follow through this youtube video:
@@ -81,13 +70,13 @@ kubectl create -f ./examples/cdn/v-network-2.yaml
### 2. Verify Network Creation
Note: This step is optional, but it will help you understand how L2S-M internally work, if you already know a bit about SDN and network overlays.
- - Check the logs in the `l2sm-controller` and `l2sm-operator` to ensure that the virtual networks have been successfully created.
+ - Check the logs in the `l2sm-controller` and `l2sm-controller-manager` to ensure that the virtual networks have been successfully created.
```bash
-kubectl get net-attach-def
+kubectl get l2networks
```
```bash
-kubectl logs l2sm-operator-667fc88c57-p7krv
+kubectl logs l2sm-controller-manager-55d7b6ccdd-8tbqr
```
```bash
kubectl logs l2sm-controller-d647b7fb5-kb2f7
diff --git a/examples/cdn/cdn-server.yaml b/examples/cdn/cdn-server.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..27db00aa4271f8758514ac6db14b16bd34b2ed84
--- /dev/null
+++ b/examples/cdn/cdn-server.yaml
@@ -0,0 +1,32 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cdn-server
+ labels:
+ app: test4
+ l2sm: "true"
+ annotations:
+ l2sm/networks: '[{"name": "v-network-1", "ips":["10.0.1.2/24"]}]'
+spec:
+ containers:
+ - name: server
+ command: ["/bin/ash", "-c", "ip route add 10.0.2.0/24 via 10.0.1.1 dev net1 && trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ nodeName: test-l2sm-uc3m-polito-1
diff --git a/examples/cdn/content-server.yaml b/examples/cdn/content-server.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0991c4a48e86adef5ca92921e812f6a923a6882a
--- /dev/null
+++ b/examples/cdn/content-server.yaml
@@ -0,0 +1,39 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: content-server
+spec:
+ selector:
+ matchLabels:
+ app: test4
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: test4
+ annotations:
+ l2sm/networks: '[{"name": "v-network-2","ips": ["10.0.2.2/24"]}]'
+ spec:
+ containers:
+ - name: content-server
+ image: alexdecb/video-server-test:1
+ command: ["/bin/sh", "-c", "ip route add 10.0.1.0/24 via 10.0.2.1 dev net1 && trap : TERM INT; sleep infinity & wait"]
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ nodeName: test-l2sm-uc3m-polito-3
\ No newline at end of file
diff --git a/examples/cdn/router.yaml b/examples/cdn/router.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0504dda7ff66688fdc452a9623c9c9955ea233f8
--- /dev/null
+++ b/examples/cdn/router.yaml
@@ -0,0 +1,36 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: router
+ labels:
+ app: test4
+ l2sm: "true"
+ annotations:
+ l2sm/networks: '[{"name": "v-network-1","ips": ["10.0.1.1/24"]}, {"name": "v-network-2","ips": ["10.0.2.1/24"]}]'
+spec:
+ containers:
+ - name: router
+ command: ["/bin/ash", "-c"]
+ args: ["echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && sysctl -p &&
+ trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN"]
+ nodeName: test-l2sm-uc3m-polito-2
+
diff --git a/examples/cdn/v-network-1.yaml b/examples/cdn/v-network-1.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6f1e7e2aeabfe7ba94899207cf3743750eaeaffe
--- /dev/null
+++ b/examples/cdn/v-network-1.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: v-network-1
+spec:
+ type: vnet
\ No newline at end of file
diff --git a/examples/cdn/v-network-2.yaml b/examples/cdn/v-network-2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2845e06bc5c8a4a323ba5b417b20b1a8128dd16f
--- /dev/null
+++ b/examples/cdn/v-network-2.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: v-network-2
+spec:
+ type: vnet
diff --git a/L2S-M core/examples/cdn/video-server/Dockerfile b/examples/cdn/video-server/Dockerfile
similarity index 68%
rename from L2S-M core/examples/cdn/video-server/Dockerfile
rename to examples/cdn/video-server/Dockerfile
index a98d58c26d957d16446484ae60eebbf8fdcfd68f..a4f61424b5e781eecb71815e15e544fc11b1a790 100644
--- a/L2S-M core/examples/cdn/video-server/Dockerfile
+++ b/examples/cdn/video-server/Dockerfile
@@ -1,20 +1,16 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
# Use the official Nginx image as the base image
FROM nginx:latest
diff --git a/examples/inter-cluster-setup/README.md b/examples/inter-cluster-setup/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3ad5f1b390aa641412de206bb1bbdacd2c4bd11c
--- /dev/null
+++ b/examples/inter-cluster-setup/README.md
@@ -0,0 +1,141 @@
+# L2S-M Inter-Cluster Configuration Guide
+
+To connect multiple clusters across different nodes, we need to extend the basic overlay configuration to inter-cluster communication. This guide explains how to deploy a network controller and network edge devices (NEDs) to create an inter-cluster network.
+
+There is a work in progress solution that can be useful to manage multiple clusters together, it [can be found here](https://github.com/Networks-it-uc3m/l2sm-md). There you can specify which clusters to connect, and the component will use the L2S-M API to reach this desired state.
+
+## Step 1: Deploying the Network Controller
+
+The first step is to deploy a network controller, which will manage the communication between clusters. You can deploy the controller using Docker, in a machine reachable to the clusters. Run the following command:
+
+```bash
+sudo docker run -d \
+ --name idco-controller \
+ -p 6633:6633 \
+ -p 8181:8181 \
+ alexdecb/l2sm-controller:2.4
+```
+
+
+## Step 2: Deploying the Network Edge Device (NED)
+
+Once the controller is running, we can deploy the NED in each cluster. The NED acts as a bridge between clusters, ensuring proper VxLAN communication.
+
+The NED configuration includes the IP address of the network controller and the node configuration where it is deployed.
+
+### NED Example Configuration
+
+Here’s an example of how the NED's configuration should look like:
+
+```yaml
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: NetworkEdgeDevice
+metadata:
+ name: example-ned
+ labels:
+ app: l2sm
+spec:
+ networkController:
+ name: <controller-name>
+ domain: <controller-domain>
+ nodeConfig:
+ nodeName: <node-name>
+ ipAddress: <node-ip-address>
+ neighbors:
+ - node: <cluster-name>
+ domain: <neighb-cluster-reachable-ip-address>
+ switchTemplate:
+ spec:
+ hostNetwork: true
+ containers:
+ - name: l2sm-ned
+ image: alexdecb/l2sm-ned:2.7.1
+ resources: {}
+ command: ["./setup_ned.sh"]
+ ports:
+ - containerPort: 80
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+```
+
+### Important Fields in NED Configuration:
+
+1. **networkController**: This defines the network controller to which the NED will connect.
+ - **name**: The name of the network controller.
+ - **domain**: The IP address of the controller container (get this from the Docker container running the controller).
+
+2. **nodeConfig**: This defines the specific node where the NED is deployed.
+ - **nodeName**: The name of the node (can be found using `kubectl get nodes`).
+ - **ipAddress**: The IP address of the node where you are deploying the NED (can be checked using `kubectl get nodes -o wide`).
+
+3. **neighbors**: This is where you list the other clusters and their corresponding IP addresses to establish communication.
+ - **node**: The name of the neighboring cluster.
+ - **domain**: The IP address of the neighboring cluster's node.
+
+
+## Step 3: Deploying the NED
+
+After configuring the NED for each node, apply the configuration using `kubectl`:
+
+```bash
+kubectl create -f ./examples/ned-setup/ned-sample.yaml
+```
+
+If you need to modify the NED configuration, update the YAML file and apply the changes using:
+
+```bash
+kubectl apply -f ./examples/ned-setup/ned-sample.yaml
+```
+
+
+## Example NED Configuration for Multiple Clusters
+
+Here's an example of how to configure the NED to connect multiple clusters:
+
+```yaml
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: NetworkEdgeDevice
+metadata:
+ name: example-ned
+ labels:
+ app: l2sm
+spec:
+ networkController:
+ name: idco-controller
+ domain: 192.168.122.60 # Network controller IP
+ nodeConfig:
+ nodeName: ant-machine
+ ipAddress: 192.168.122.60
+ neighbors:
+ - node: tucci
+ domain: 192.168.122.244 # IP of tucci node
+ - node: l2sm3
+ domain: 192.168.123.100 # IP of another cluster node
+```
+
+## Deploying an inter-cluster network
+
+Once you've got the inter cluster topology, you can connect pods that are in both clusters by creating inter-cluster networks. This example is the same as the one shown in [the ping pong guide](../ping-pong/), with the peculiarity that when the L2Network is deployed, a provider is specified. L2S-M checks the provider field and on top of the ned, will create this network that enables this secure connection between the pods in both clusters.
+
+This is an inter cluster L2Network:
+
+```yaml
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: ping-network
+spec:
+ type: vnet
+ provider:
+ name: idco-controller
+ domain: "192.168.122.60:8181"
+```
+> Notice that the provider name is the same one as the one specified in [the NED](#example-ned-configuration-for-multiple-clusters).
+
+
+This same L2Network must be created in both clusters. Afterwards the pods can be deployed just like in every other L2S-M example, as shown in the ping pong files.
+
+## Conclusion
+
+By following this guide, you can deploy a network controller and configure network edge devices (NEDs) to connect multiple clusters in an inter-cluster VxLAN network. The key is to accurately configure the controller and NEDs and ensure proper communication between clusters through the `neighbors` section.
diff --git a/examples/inter-cluster-setup/example-ned.yaml b/examples/inter-cluster-setup/example-ned.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..dd2389c81b206b838fcb8474f3a4a7e0cb370d1d
--- /dev/null
+++ b/examples/inter-cluster-setup/example-ned.yaml
@@ -0,0 +1,43 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: NetworkEdgeDevice
+metadata:
+ name: example-ned
+ labels:
+ app: l2sm
+spec:
+ networkController:
+ name: idco-controller
+ domain: 192.168.122.60
+ nodeConfig:
+ nodeName: ant-machine
+ ipAddress: 192.168.122.60
+ neighbors:
+ - node: tucci
+ domain: 192.168.122.244
+ switchTemplate:
+ spec:
+ hostNetwork: true
+ containers:
+ - name: l2sm-ned
+ image: alexdecb/l2sm-ned:2.7.1
+ resources: {}
+ command: ["./setup_ned.sh"]
+ ports:
+ - containerPort: 80
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
diff --git a/examples/inter-cluster-setup/inter-network.yaml b/examples/inter-cluster-setup/inter-network.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d27ebaa0b495220871400f44a951126829fedcd9
--- /dev/null
+++ b/examples/inter-cluster-setup/inter-network.yaml
@@ -0,0 +1,23 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: ping-network
+spec:
+ type: vnet
+ provider:
+ name: idco-controller
+ domain: "192.168.122.60:8181"
\ No newline at end of file
diff --git a/examples/inter-cluster-setup/ping.yaml b/examples/inter-cluster-setup/ping.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6d30f76e5906acf199f8fdf91a99ca9532242362
--- /dev/null
+++ b/examples/inter-cluster-setup/ping.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ping
+ labels:
+ app: ping-pong
+ l2sm: "true"
+ annotations:
+ l2sm/networks: '[{"name": "ping-network","ips": ["10.0.0.1/24"]}]'
+spec:
+ containers:
+ - name: router
+ command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ # Use this parameter if you want to place the pod in a specific node
+ nodeName: ant-machine
diff --git a/examples/inter-cluster-setup/pong.yaml b/examples/inter-cluster-setup/pong.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..421c4c0d7ffb7dc0144db286d64663474ab78757
--- /dev/null
+++ b/examples/inter-cluster-setup/pong.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pong
+ labels:
+ app: ping-pong
+ l2sm: "true"
+ annotations:
+ l2sm/networks: '[{"name": "ping-network","ips": ["10.0.0.1224"]}]'
+spec:
+ containers:
+ - name: router
+ command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ # Use this parameter if you want to place the pod in a specific node
+ nodeName: tucci
diff --git a/examples/overlay-setup/README.md b/examples/overlay-setup/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..bab9314fa985de3295f1a8427c2605585724c75a
--- /dev/null
+++ b/examples/overlay-setup/README.md
@@ -0,0 +1,118 @@
+# L2S-M VxLAN configuration guide
+
+In order to connect the nodes between themselves, an additional configuration must be done. A configuration CR specifying which nodes we want to connect and and which virtual switches will be made.
+
+Create a file anywhere or use [overlay-sample.yaml](./overlay-sample.yaml) as a reference.
+In this file, you will specify, using the template shown in the reference file, the name of the nodes in the cluster. For example:
+```bash
+$ kubectl get nodes
+NAME STATUS ROLES AGE VERSION
+l2sm1 Ready <none> 64d v1.30.5
+l2sm2 Ready <none> 63d v1.30.5
+```
+In this example we have two nodes: l2sm1 and l2sm2, that we want to interconnect.
+
+We want to connect them directly, so we modify the reference CR:
+```yaml
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: Overlay
+metadata:
+ name: overlay-sample
+spec:
+ topology:
+ nodes:
+ - [<NODE_1>]
+ - [<NODE_2>]
+ - ...
+ - [<NODE_N>]
+ links:
+ - endpointA: [<NODE_1>]
+ endpointB: [<NODE_3>]
+ - endpointA: [<NODE_2>]
+ endpointB: [<NODE_3>]
+ - ...
+ switchTemplate:
+ spec:
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-switch:2.7
+ resources: {}
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: NVETHS
+ value: "10"
+ - name: CONTROLLERIP
+ value: "l2sm-controller-service"
+ - name: PODNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ ports:
+ - containerPort: 80
+```
+
+> [!NOTE]
+> This used switch template is required by the l2sm-switch api, and it's not yet completly supported the use of another switch image. How this switch works can be seen in the [l2sm-switch repository](https://github.com/Networks-it-uc3m/l2sm-switch). If you are interested in developing or using your custom virtual switch, you can contact the developers for more info.
+
+Example of how it looks:
+
+```yaml
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: Overlay
+metadata:
+ name: overlay-sample
+spec:
+ topology:
+ nodes:
+ - l2sm1
+ - l2sm2
+ links:
+ - endpointA: l2sm1
+ endpointB: l2sm2
+ switchTemplate:
+ spec:
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-switch:2.7
+ resources: {}
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: NVETHS
+ value: "10"
+ - name: CONTROLLERIP
+ value: "l2sm-controller-service"
+ - name: PODNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ ports:
+ - containerPort: 80
+```
+
+
+Once this file is created, we create the overlay topology using the kubectl create command:
+
+```bash
+kubectl create -f ./examples/overlay-setup/overlay-sample.yaml
+```
+
+If you want to modify the topology, just modify the contents of the file and use `kubectl apply -f ...` with the new file.
+
+You are all set! If you want to learn how to create virtual networks and use them in your applications, [check the ping-pong example](../ping-pong/)!
+
+
+If you want to extend your network overlay to make it accesible from other clusters, check the [inter cluster setup guide](../inter-cluster-setup/)
diff --git a/examples/overlay-setup/overlay-sample.yaml b/examples/overlay-setup/overlay-sample.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..75e6a72a22ec68858e997214b54090b085236728
--- /dev/null
+++ b/examples/overlay-setup/overlay-sample.yaml
@@ -0,0 +1,51 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: Overlay
+metadata:
+ name: overlay-sample
+spec:
+ topology:
+ nodes:
+ - l2sm1
+ - l2sm2
+ links:
+ - endpointA: l2sm1
+ endpointB: l2sm2
+ switchTemplate:
+ spec:
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-switch:2.7
+ resources: {}
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: NVETHS
+ value: "10"
+ - name: CONTROLLERIP
+ value: "l2sm-controller-service"
+ - name: PODNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ ports:
+ - containerPort: 80
\ No newline at end of file
diff --git a/L2S-M core/examples/ping-pong/README.md b/examples/ping-pong/README.md
similarity index 73%
rename from L2S-M core/examples/ping-pong/README.md
rename to examples/ping-pong/README.md
index 3a2d34c6324c24f6cf7774c1cf6b84165e8791ef..c32ae820962f310d0b58a8dfe3068a8586b5d1d0 100644
--- a/L2S-M core/examples/ping-pong/README.md
+++ b/examples/ping-pong/README.md
@@ -1,21 +1,3 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
# L2S-M Ping Pong example
This section of L2S-M documentation provides an example that you can use in order to learn how to create virtual networks and attach pods to them. To do so, we are going to deploy a simple ping-pong application, where we will deploy two pods attached to a virtual network and test their connectivity.
@@ -23,25 +5,24 @@ All the necessary descriptors can be found in the *'./examples/ping-pong/'* dire
This guide will assume that all commands are executed within the L2S-M directory.
+## Pre-requisites
+
+In order to get this example moving, it's required to have L2S-M installed alongside an overlay topology deployed. You can learn how to do so in [the overlay example section](../overlay-setup).
+
### Creating our first virtual network
First of all, let's see the details of an L2S-M virtual network. This is the descriptor corresponding to the virtual network that will be used in this example: ping-network
```yaml
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
metadata:
name: ping-network
spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "dummy",
- "device": "l2sm-vNet"
- }'
+ type: vnet
```
-As you can see, L2S-M virtual networks are a [NetworkAttachmentDefinition](https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/quickstart.md) from MULTUS. In order to build a new network, just changing its name in the "metadata" field will define a new network.
+As you can see, L2S-M virtual networks are custom CRDs, the L2Networks. In order to build a new network, just changing its name in the "metadata" field will define a new network.
-**Warning**: Do not change the config section from the descriptor; the *l2sm-vNet* is an abstract interface used by the L2S-M operator to manage the virtual networks in the K8s cluster.
To create the virtual network in your cluster, use the appropriate *kubectl* command as if you were building any other K8s resource:
@@ -58,16 +39,21 @@ After creating our first virtual network, it is time to attach some pods to it.
For example, to add one deployment to ping-network, enter the following annotation in your descriptor in its metadata:
```yaml
+labels:
+ l2sm: "true"
annotations:
- k8s.v1.cni.cncf.io/networks: ping-network
+ l2sm/networks: ping-network
```
-If you want to add your own Multus annotations, you are free to do so! L2S-M will not interfere with the standard Multus behavior, so feel free to add your additional annotations if you need them.
To assist you with the deployment of your first application with L2S-M, you can use the pod definitions available in this repository. To deploy both "ping-pong" pods (which are simple Ubuntu alpine containers), use the following commands:
```bash
kubectl create -f ./examples/ping-pong/ping.yaml
+```
+
+And then:
+``` bash
kubectl create -f ./examples/ping-pong/pong.yaml
```
diff --git a/examples/ping-pong/network.yaml b/examples/ping-pong/network.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d940c86e30b244fce2ec421230ba859e5ca5048a
--- /dev/null
+++ b/examples/ping-pong/network.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: l2sm.l2sm.k8s.local/v1
+kind: L2Network
+metadata:
+ name: ping-network
+spec:
+ type: vnet
\ No newline at end of file
diff --git a/examples/ping-pong/ping.yaml b/examples/ping-pong/ping.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6d30f76e5906acf199f8fdf91a99ca9532242362
--- /dev/null
+++ b/examples/ping-pong/ping.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ping
+ labels:
+ app: ping-pong
+ l2sm: "true"
+ annotations:
+ l2sm/networks: '[{"name": "ping-network","ips": ["10.0.0.1/24"]}]'
+spec:
+ containers:
+ - name: router
+ command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ # Use this parameter if you want to place the pod in a specific node
+ nodeName: ant-machine
diff --git a/examples/ping-pong/pong.yaml b/examples/ping-pong/pong.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ae5456fbeacf954e6ee163afe77dc2123fb5af41
--- /dev/null
+++ b/examples/ping-pong/pong.yaml
@@ -0,0 +1,33 @@
+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pong
+ labels:
+ app: ping-pong
+ l2sm: "true"
+ annotations:
+ l2sm/networks: ping-network
+spec:
+ containers:
+ - name: router
+ command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
+ image: alpine:latest
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ # Use this parameter if you want to place the pod in a specific node
+ nodeName: mole
diff --git a/l2sm-api-resources/go.mod b/go.mod
similarity index 77%
rename from l2sm-api-resources/go.mod
rename to go.mod
index 1c20dcb8eb81f2e1943ee001928569e296e07e9d..f2b49960b6d990030acd7671fcf8b8ac0616c0da 100644
--- a/l2sm-api-resources/go.mod
+++ b/go.mod
@@ -1,20 +1,29 @@
-module l2sm.k8s.local/l2smnetwork
+module github.com/Networks-it-uc3m/L2S-M
-go 1.21
+go 1.21.7
+
+toolchain go1.22.5
require (
github.com/go-logr/logr v1.4.1
github.com/onsi/ginkgo/v2 v2.14.0
github.com/onsi/gomega v1.30.0
+ google.golang.org/grpc v1.67.0
k8s.io/api v0.29.0
k8s.io/apimachinery v0.29.0
k8s.io/client-go v0.29.0
+ github.com/Networks-it-uc3m/l2sm-switch v1.0.0
sigs.k8s.io/controller-runtime v0.17.0
+
)
+require google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+
+// replace github.com/Networks-it-uc3m/l2sm-switch => ../switch
+
require (
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.8.0 // indirect
@@ -31,10 +40,11 @@ require (
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
- github.com/google/uuid v1.3.0 // indirect
+ github.com/google/uuid v1.6.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
+ github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.0
github.com/mailru/easyjson v0.7.7 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -49,16 +59,15 @@ require (
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
- golang.org/x/net v0.19.0 // indirect
- golang.org/x/oauth2 v0.12.0 // indirect
- golang.org/x/sys v0.16.0 // indirect
- golang.org/x/term v0.15.0 // indirect
- golang.org/x/text v0.14.0 // indirect
+ golang.org/x/net v0.28.0 // indirect
+ golang.org/x/oauth2 v0.22.0 // indirect
+ golang.org/x/sys v0.24.0 // indirect
+ golang.org/x/term v0.23.0 // indirect
+ golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.16.1 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/l2sm-api-resources/go.sum b/go.sum
similarity index 86%
rename from l2sm-api-resources/go.sum
rename to go.sum
index 57b4fa9962cc463f414d80b6ecffb75338e8288a..3032b5cc403587524030d7eef7cce4d6b7015246 100644
--- a/l2sm-api-resources/go.sum
+++ b/go.sum
@@ -1,7 +1,9 @@
+github.com/Networks-it-uc3m/l2sm-switch v1.0.0 h1:SQ2hFmObffhNV2jVSeSpqVGCm2/d6HZuQ02YzeCI+x0=
+github.com/Networks-it-uc3m/l2sm-switch v1.0.0/go.mod h1:zcfUyOLAiCEQza5QRTJoQsrOYdu+WQf/6rQNmhGb4WQ=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -34,7 +36,6 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -49,8 +50,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
@@ -58,6 +59,8 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.0 h1:47q2PIbDYHmOaqLxgGnvpLq96v9UKDsJfNW6j/KbfpQ=
+github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.0/go.mod h1:KDX0bPKeuhMakcNzLf2sWXKPNZ30wH01bsY/KJZLxFY=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -106,8 +109,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -124,14 +127,13 @@ golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2F
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
-golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
-golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -139,35 +141,36 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
+google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
diff --git a/hack/LICENSE.txt b/hack/LICENSE.txt
new file mode 100644
index 0000000000000000000000000000000000000000..9cfdc0b5753970d0a5ee4a7111e020aa918eeddc
--- /dev/null
+++ b/hack/LICENSE.txt
@@ -0,0 +1,13 @@
+Copyright 2024 Universidad Carlos III de Madrid
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt
new file mode 100644
index 0000000000000000000000000000000000000000..43564930c8641b20c3a1602e69426ab6234c1db8
--- /dev/null
+++ b/hack/boilerplate.go.txt
@@ -0,0 +1,13 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
\ No newline at end of file
diff --git a/l2sm-api-resources/internal/controller/l2smnetwork_controller.go b/internal/controller/l2network_controller.go
similarity index 51%
rename from l2sm-api-resources/internal/controller/l2smnetwork_controller.go
rename to internal/controller/l2network_controller.go
index 4b3e27a115e014ecc8cde731026d58ebc5f56671..2c3d174ff1d9e6e98f36085baab93bbeedf0f488 100644
--- a/l2sm-api-resources/internal/controller/l2smnetwork_controller.go
+++ b/internal/controller/l2network_controller.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package controller
import (
@@ -29,13 +26,13 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
- "l2sm.k8s.local/l2smnetwork/internal/sdnclient"
- "l2sm.k8s.local/l2smnetwork/internal/utils"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ "github.com/Networks-it-uc3m/L2S-M/internal/sdnclient"
+ "github.com/Networks-it-uc3m/L2S-M/internal/utils"
)
-// L2SMNetworkReconciler reconciles a L2SMNetwork object
-type L2SMNetworkReconciler struct {
+// L2NetworkReconciler reconciles a L2Network object
+type L2NetworkReconciler struct {
client.Client
Log logr.Logger
Scheme *runtime.Scheme
@@ -44,46 +41,48 @@ type L2SMNetworkReconciler struct {
InternalClient sdnclient.Client
}
-//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2smnetworks,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2smnetworks/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2smnetworks/finalizers,verbs=update
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2networks,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2networks/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=l2networks/finalizers,verbs=update
// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
// TODO(user): Modify the Reconcile function to compare the state specified by
-// the L2SMNetwork object against the actual cluster state, and then
+// the L2Network object against the actual cluster state, and then
// perform operations to make the cluster state reflect the state specified by
// the user.
//
// For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
-func (r *L2SMNetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+func (r *L2NetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
log := log.FromContext(ctx)
- // log := r.Log.WithValues("l2smnetwork", req.NamespacedName)
+ // log := r.Log.WithValues("l2network", req.NamespacedName)
- // Fetch the L2SMNetwork instance
- network := &l2smv1.L2SMNetwork{}
+ // Fetch the L2Network instance
+ network := &l2smv1.L2Network{}
err := r.Get(ctx, req.NamespacedName, network)
if err != nil {
- log.Error(err, "unable to fetch L2SMNetwork")
+ log.Error(err, "unable to fetch L2Network")
return ctrl.Result{}, client.IgnoreNotFound(err)
}
// Check if the object is being deleted
if network.GetDeletionTimestamp() != nil {
- if utils.ContainsString(network.GetFinalizers(), "l2smnetwork.finalizers.l2sm.k8s.local") {
+ if utils.ContainsString(network.GetFinalizers(), l2smFinalizer) {
// The object is being deleted
if err := r.InternalClient.DeleteNetwork(network.Spec.Type, network.Name); err != nil {
// If fail to delete the external dependency here, return with error
// so that it can be retried
+ log.Error(err, "couldn't delete network in sdn controller")
return ctrl.Result{}, err
}
// Remove our finalizer from the list and update it.
- network.SetFinalizers(utils.RemoveString(network.GetFinalizers(), "l2smnetwork.finalizers.l2sm.k8s.local"))
+ network.SetFinalizers(utils.RemoveString(network.GetFinalizers(), l2smFinalizer))
if err := r.Update(ctx, network); err != nil {
+ log.Error(err, "couldn't remove finalizer to l2network")
return ctrl.Result{}, err
}
}
@@ -93,14 +92,24 @@ func (r *L2SMNetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request)
}
// Add finalizer for this CR
- if !utils.ContainsString(network.GetFinalizers(), "l2smnetwork.finalizers.l2sm.k8s.local") {
- network.SetFinalizers(append(network.GetFinalizers(), "l2smnetwork.finalizers.l2sm.k8s.local"))
+ if !utils.ContainsString(network.GetFinalizers(), l2smFinalizer) {
+ err := r.InternalClient.CreateNetwork(network.Spec.Type, sdnclient.VnetPayload{NetworkId: network.Name})
+ if err != nil {
+ log.Error(err, "failed to create network")
+ r.updateControllerStatus(ctx, network, l2smv1.OfflineStatus)
+
+ return ctrl.Result{}, err
+ }
+ log.Info("Network created in SDN controller", "NetworkID", network.Name)
+ r.updateControllerStatus(ctx, network, l2smv1.OnlineStatus)
+ network.SetFinalizers(append(network.GetFinalizers(), l2smFinalizer))
if err := r.Update(ctx, network); err != nil {
return ctrl.Result{}, err
}
}
- if network.Spec.Type == l2smv1.NetworkTypeExtVnet {
+ // If network is inter domain
+ if network.Spec.Provider != nil {
provStatus, err := interDomainReconcile(network, log)
if err != nil {
log.Error(err, "failed to connect to provider")
@@ -109,49 +118,52 @@ func (r *L2SMNetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request)
// Update the status in the Kubernetes API
if statusUpdateErr := r.Status().Update(ctx, network); statusUpdateErr != nil {
- log.Error(statusUpdateErr, "unable to update L2SMNetwork provider status")
+ log.Error(statusUpdateErr, "unable to update L2Network provider status")
return ctrl.Result{}, statusUpdateErr
}
}
- exists, err := r.InternalClient.CheckNetworkExists(network.Spec.Type, network.Name)
- if err != nil {
- log.Error(err, "failed to check network existence")
- // Update the status to Unknown due to connection issues
-
- // Update the status in the Kubernetes API
- r.updateControllerStatus(ctx, network, l2smv1.UnknownStatus)
- return ctrl.Result{}, err
- }
-
- if !exists {
- err := r.InternalClient.CreateNetwork(network.Spec.Type, sdnclient.VnetPayload{NetworkId: network.Name})
- if err != nil {
- log.Error(err, "failed to create network")
- r.updateControllerStatus(ctx, network, l2smv1.OfflineStatus)
-
- return ctrl.Result{}, err
- }
- log.Info("Network created in SDN controller", "NetworkID", network.Name)
- } else {
- log.Info("Network already exists in SDN controller, no action needed", "NetworkID", network.Name)
- }
- if statusUpdateErr := r.updateControllerStatus(ctx, network, l2smv1.OnlineStatus); statusUpdateErr != nil {
- log.Error(statusUpdateErr, "unable to update L2SMNetwork provider status")
- return ctrl.Result{}, statusUpdateErr
- }
-
+ // exists, err := r.InternalClient.CheckNetworkExists(network.Spec.Type, network.Name)
+ // if err != nil {
+ // log.Error(err, "failed to check network existence")
+ // // Update the status to Unknown due to connection issues
+
+ // // Update the status in the Kubernetes API
+ // r.updateControllerStatus(ctx, network, l2smv1.UnknownStatus)
+ // return ctrl.Result{}, err
+ // }
+
+ // if !exists {
+ // err := r.InternalClient.CreateNetwork(network.Spec.Type, sdnclient.VnetPayload{NetworkId: network.Name})
+ // if err != nil {
+ // log.Error(err, "failed to create network")
+ // r.updateControllerStatus(ctx, network, l2smv1.OfflineStatus)
+
+ // return ctrl.Result{}, err
+ // }
+ // log.Info("Network created in SDN controller", "NetworkID", network.Name)
+ // } else {
+ // log.Info("Network already exists in SDN controller, no action needed", "NetworkID", network.Name)
+ // }
+ // if statusUpdateErr := r.updateControllerStatus(ctx, network, l2smv1.OnlineStatus); statusUpdateErr != nil {
+ // log.Error(statusUpdateErr, "unable to update L2Network provider status")
+ // return ctrl.Result{}, statusUpdateErr
+ // }
+
+ log.Info("something in the rain")
return ctrl.Result{}, nil
}
// SetupWithManager sets up the controller with the Manager.
-func (r *L2SMNetworkReconciler) SetupWithManager(mgr ctrl.Manager) error {
+func (r *L2NetworkReconciler) SetupWithManager(mgr ctrl.Manager) error {
var err error
r.Log.Info("this is the controller ip", os.Getenv("CONTROLLER_IP"))
fmt.Println(os.Getenv("CONTROLLER_IP"))
+ fmt.Println(os.Getenv("CONTROLLER_PORT"))
+
// Initialize the InternalClient with the base URL of the SDN controller
- clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s:8181/onos/v1", os.Getenv("CONTROLLER_IP")), Username: "karaf", Password: "karaf"}
+ clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s:%s/onos", os.Getenv("CONTROLLER_IP"), os.Getenv("CONTROLLER_PORT")), Username: "karaf", Password: "karaf"}
r.InternalClient, err = sdnclient.NewClient(sdnclient.InternalType, clientConfig)
if err != nil {
@@ -159,21 +171,21 @@ func (r *L2SMNetworkReconciler) SetupWithManager(mgr ctrl.Manager) error {
return err
}
return ctrl.NewControllerManagedBy(mgr).
- For(&l2smv1.L2SMNetwork{}). // Watch for changes to primary resource L2SMNetwork
+ For(&l2smv1.L2Network{}). // Watch for changes to primary resource L2Network
Complete(r)
}
-func interDomainReconcile(network *l2smv1.L2SMNetwork, log logr.Logger) (l2smv1.ConnectivityStatus, error) {
+func interDomainReconcile(network *l2smv1.L2Network, log logr.Logger) (l2smv1.ConnectivityStatus, error) {
if network.Spec.Provider == nil {
return l2smv1.UnknownStatus, errors.New("ext-vnet doesn't have a provider specified")
}
- clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s/onos/v1", network.Spec.Provider.Domain), Username: "karaf", Password: "karaf"}
+ clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s/onos", network.Spec.Provider.Domain), Username: "karaf", Password: "karaf"}
externalClient, err := sdnclient.NewClient(sdnclient.InternalType, clientConfig)
if err != nil {
- return l2smv1.OfflineStatus, err
+ return l2smv1.OfflineStatus, fmt.Errorf("could not initialize session with external provider: %v", err)
}
exists, err := externalClient.CheckNetworkExists(network.Spec.Type, network.Name)
@@ -197,7 +209,7 @@ func interDomainReconcile(network *l2smv1.L2SMNetwork, log logr.Logger) (l2smv1.
}
-func (r *L2SMNetworkReconciler) updateControllerStatus(ctx context.Context, network *l2smv1.L2SMNetwork, status l2smv1.ConnectivityStatus) error {
+func (r *L2NetworkReconciler) updateControllerStatus(ctx context.Context, network *l2smv1.L2Network, status l2smv1.ConnectivityStatus) error {
network.Status.InternalConnectivity = &status
diff --git a/l2sm-api-resources/internal/controller/l2smnetwork_controller_test.go b/internal/controller/l2network_controller_test.go
similarity index 56%
rename from l2sm-api-resources/internal/controller/l2smnetwork_controller_test.go
rename to internal/controller/l2network_controller_test.go
index 975249a9f5eac94e209145c42264c585ffb27d9b..6725c22ac520b78ca2678ad5d1203cf956970812 100644
--- a/l2sm-api-resources/internal/controller/l2smnetwork_controller_test.go
+++ b/internal/controller/l2network_controller_test.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package controller
import (
@@ -28,10 +25,10 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
)
-var _ = Describe("L2SMNetwork Controller", func() {
+var _ = Describe("L2Network Controller", func() {
Context("When reconciling a resource", func() {
const resourceName = "test-resource"
@@ -41,13 +38,13 @@ var _ = Describe("L2SMNetwork Controller", func() {
Name: resourceName,
Namespace: "default", // TODO(user):Modify as needed
}
- l2smnetwork := &l2smv1.L2SMNetwork{}
+ l2network := &l2smv1.L2Network{}
BeforeEach(func() {
- By("creating the custom resource for the Kind L2SMNetwork")
- err := k8sClient.Get(ctx, typeNamespacedName, l2smnetwork)
+ By("creating the custom resource for the Kind L2Network")
+ err := k8sClient.Get(ctx, typeNamespacedName, l2network)
if err != nil && errors.IsNotFound(err) {
- resource := &l2smv1.L2SMNetwork{
+ resource := &l2smv1.L2Network{
ObjectMeta: metav1.ObjectMeta{
Name: resourceName,
Namespace: "default",
@@ -60,16 +57,16 @@ var _ = Describe("L2SMNetwork Controller", func() {
AfterEach(func() {
// TODO(user): Cleanup logic after each test, like removing the resource instance.
- resource := &l2smv1.L2SMNetwork{}
+ resource := &l2smv1.L2Network{}
err := k8sClient.Get(ctx, typeNamespacedName, resource)
Expect(err).NotTo(HaveOccurred())
- By("Cleanup the specific resource instance L2SMNetwork")
+ By("Cleanup the specific resource instance L2Network")
Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
})
It("should successfully reconcile the resource", func() {
By("Reconciling the created resource")
- controllerReconciler := &L2SMNetworkReconciler{
+ controllerReconciler := &L2NetworkReconciler{
Client: k8sClient,
Scheme: k8sClient.Scheme(),
}
diff --git a/internal/controller/networkedgedevice_controller.go b/internal/controller/networkedgedevice_controller.go
new file mode 100644
index 0000000000000000000000000000000000000000..ab2aaf2596978e7b49900d7277357411e675f8f1
--- /dev/null
+++ b/internal/controller/networkedgedevice_controller.go
@@ -0,0 +1,307 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "time"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ "github.com/Networks-it-uc3m/L2S-M/internal/utils"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ nedv1 "github.com/Networks-it-uc3m/l2sm-switch/api/v1"
+)
+
+// NetworkEdgeDeviceReconciler reconciles a NetworkEdgeDevice object
+type NetworkEdgeDeviceReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+}
+
+var (
+ // name of our custom finalizer
+ l2smFinalizer = "l2sm.operator.io/finalizer"
+ replicaSetOwnerKey = ".metadata.controller"
+ apiGVStr = l2smv1.GroupVersion.String()
+)
+
+// +kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=networkedgedevices,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=networkedgedevices/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=networkedgedevices/finalizers,verbs=update
+// +kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=replicasets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch;create;update;patch;delete
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the NetworkEdgeDevice object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
+func (r *NetworkEdgeDeviceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+
+ log := log.FromContext(ctx)
+
+ netEdgeDevice := &l2smv1.NetworkEdgeDevice{}
+
+ if err := r.Get(ctx, req.NamespacedName, netEdgeDevice); err != nil {
+ // we'll ignore not-found errors, since they can't be fixed by an immediate
+ // requeue (we'll need to wait for a new notification), and we can get them
+ // on deleted requests.
+ return ctrl.Result{}, client.IgnoreNotFound(err)
+ }
+
+ // examine DeletionTimestamp to determine if object is under deletion
+ if netEdgeDevice.ObjectMeta.DeletionTimestamp.IsZero() {
+ // The object is not being deleted, so if it does not have our finalizer,
+ // then lets add the finalizer and update the object. This is equivalent
+ // to registering our finalizer.
+ if !controllerutil.ContainsFinalizer(netEdgeDevice, l2smFinalizer) {
+ controllerutil.AddFinalizer(netEdgeDevice, l2smFinalizer)
+ if err := r.Update(ctx, netEdgeDevice); err != nil {
+ return ctrl.Result{}, err
+ }
+ log.Info("Network Edge Device created", "NetworkEdgeDevice", netEdgeDevice.Name)
+
+ }
+ } else {
+ // The object is being deleted
+ if controllerutil.ContainsFinalizer(netEdgeDevice, l2smFinalizer) {
+ // our finalizer is present, so lets handle any external dependency
+ // if err := r.deleteExternalResources(ctx, netEdgeDevice); err != nil {
+ // // if fail to delete the external dependency here, return with error
+ // // so that it can be retried.
+ // return ctrl.Result{}, err
+ // }
+
+ // remove our finalizer from the list and update it.
+ controllerutil.RemoveFinalizer(netEdgeDevice, l2smFinalizer)
+ if err := r.Update(ctx, netEdgeDevice); err != nil {
+ return ctrl.Result{}, err
+ }
+
+ }
+ log.Info("Network Edge Device deleted", "NetworkEdgeDevice", netEdgeDevice.Name)
+ // Stop reconciliation as the item is being deleted
+ return ctrl.Result{}, nil
+ }
+
+ var switchReplicaSets appsv1.ReplicaSetList
+ if err := r.List(ctx, &switchReplicaSets, client.InNamespace(req.Namespace), client.MatchingFields{replicaSetOwnerKey: req.Name}); err != nil {
+ log.Error(err, "unable to list child ReplicaSets")
+ return ctrl.Result{}, err
+ }
+
+ if len(switchReplicaSets.Items) == 0 {
+ if err := r.createExternalResources(ctx, netEdgeDevice); err != nil {
+ log.Error(err, "unable to create ReplicaSet")
+ return ctrl.Result{}, err
+ }
+ log.Info("NED Launched")
+ return ctrl.Result{RequeueAfter: time.Second * 20}, nil
+ }
+ // } else {
+
+ // //b, _ := json.Marshal(netEdgeDevice.Spec.Neighbors)
+
+ // }
+
+ return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *NetworkEdgeDeviceReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ if err := mgr.GetFieldIndexer().IndexField(context.Background(), &appsv1.ReplicaSet{}, replicaSetOwnerKey, func(rawObj client.Object) []string {
+ // grab the replica set object, extract the owner...
+ replicaSet := rawObj.(*appsv1.ReplicaSet)
+ owner := metav1.GetControllerOf(replicaSet)
+ if owner == nil {
+ return nil
+ }
+ // ...make sure it's a ReplicaSet...
+ if owner.APIVersion != apiGVStr || owner.Kind != "NetworkEdgeDevice" {
+ return nil
+ }
+
+ // ...and if so, return it
+ return []string{owner.Name}
+ }); err != nil {
+ return err
+ }
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&l2smv1.NetworkEdgeDevice{}).
+ Owns(&appsv1.ReplicaSet{}).
+ Complete(r)
+}
+
+// func (r *NetworkEdgeDeviceReconciler) deleteExternalResources(ctx context.Context, netEdgeDevice *l2smv1.NetworkEdgeDevice) error {
+
+// return nil
+// }
+func (r *NetworkEdgeDeviceReconciler) createExternalResources(ctx context.Context, netEdgeDevice *l2smv1.NetworkEdgeDevice) error {
+
+ neighbors := make([]string, len(netEdgeDevice.Spec.Neighbors))
+ for i, neighbor := range netEdgeDevice.Spec.Neighbors {
+ neighbors[i] = neighbor.Domain
+ }
+ nedNeighbors, err := json.Marshal(nedv1.Node{Name: netEdgeDevice.Spec.NodeConfig.NodeName, NodeIP: netEdgeDevice.Spec.NodeConfig.IPAddress, NeighborNodes: neighbors})
+ if err != nil {
+ return err
+ }
+ nedName := utils.GetBridgeName(utils.BridgeParams{NodeName: netEdgeDevice.Spec.NodeConfig.NodeName, ProviderName: netEdgeDevice.Spec.NetworkController.Name})
+
+ nedConfig, err := json.Marshal(nedv1.NedSettings{ControllerIP: netEdgeDevice.Spec.NetworkController.Domain, NodeName: netEdgeDevice.Spec.NodeConfig.NodeName, NedName: nedName})
+ if err != nil {
+ return err
+ }
+ // Create a ConfigMap to store the neighbors JSON
+
+ constructConfigMapForNED := func(netEdgeDevice *l2smv1.NetworkEdgeDevice) (*corev1.ConfigMap, error) {
+
+ configMap := &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-config", netEdgeDevice.Name),
+ Namespace: netEdgeDevice.Namespace,
+ },
+ Data: map[string]string{
+ "neighbors.json": string(nedNeighbors),
+ "config.json": string(nedConfig),
+ },
+ }
+ if err := controllerutil.SetControllerReference(netEdgeDevice, configMap, r.Scheme); err != nil {
+ return nil, err
+ }
+ return configMap, nil
+ }
+
+ configMap, err := constructConfigMapForNED(netEdgeDevice)
+
+ if err != nil {
+ return fmt.Errorf("could not construct the config map for the network edge device: %v", err)
+ }
+ // Create the ConfigMap in Kubernetes
+ if err := r.Client.Create(ctx, configMap); err != nil {
+ return err
+ }
+
+ constructReplicaSetforNED := func(netEdgeDevice *l2smv1.NetworkEdgeDevice) (*appsv1.ReplicaSet, error) {
+ name := fmt.Sprintf("%s-%s", netEdgeDevice.Name, utils.GenerateHash(netEdgeDevice))
+
+ // Define volume mounts to be added to each container
+ volumeMounts := []corev1.VolumeMount{
+ {
+ Name: "configurations",
+ MountPath: "/etc/l2sm/",
+ ReadOnly: true,
+ },
+ }
+
+ // Update containers to include the volume mount
+ containers := make([]corev1.Container, len(netEdgeDevice.Spec.SwitchTemplate.Spec.Containers))
+ for i, container := range netEdgeDevice.Spec.SwitchTemplate.Spec.Containers {
+ container.VolumeMounts = append(container.VolumeMounts, volumeMounts...)
+ containers[i] = container
+ }
+
+ // Define the volume using the created ConfigMap
+ volumes := []corev1.Volume{
+ {
+ Name: "configurations",
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: configMap.Name,
+ },
+ Items: []corev1.KeyToPath{
+ {
+ Key: "neighbors.json",
+ Path: "neighbors.json",
+ },
+ {
+ Key: "config.json",
+ Path: "config.json",
+ },
+ },
+ },
+ },
+ },
+ }
+
+ replicaSet := &appsv1.ReplicaSet{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: make(map[string]string),
+ Annotations: make(map[string]string),
+ Name: name,
+ Namespace: netEdgeDevice.Namespace,
+ },
+ Spec: appsv1.ReplicaSetSpec{
+ Replicas: utils.Int32Ptr(1),
+ Selector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": "l2sm",
+ },
+ },
+ Template: corev1.PodTemplateSpec{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: map[string]string{
+ "app": "l2sm",
+ },
+ },
+ Spec: corev1.PodSpec{
+ InitContainers: netEdgeDevice.Spec.SwitchTemplate.Spec.InitContainers,
+ Containers: containers,
+ Volumes: volumes,
+ HostNetwork: netEdgeDevice.Spec.SwitchTemplate.Spec.HostNetwork,
+ NodeName: netEdgeDevice.Spec.NodeConfig.NodeName,
+ },
+ },
+ },
+ }
+
+ for k, v := range netEdgeDevice.Spec.SwitchTemplate.Annotations {
+ replicaSet.Annotations[k] = v
+ }
+ for k, v := range netEdgeDevice.Spec.SwitchTemplate.Labels {
+ replicaSet.Labels[k] = v
+ }
+ if err := controllerutil.SetControllerReference(netEdgeDevice, replicaSet, r.Scheme); err != nil {
+ return nil, err
+ }
+ return replicaSet, nil
+ }
+
+ replicaSet, err := constructReplicaSetforNED(netEdgeDevice)
+ if err != nil {
+ return err
+ }
+
+ if err = r.Client.Create(ctx, replicaSet); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/controller/networkedgedevice_controller_test.go b/internal/controller/networkedgedevice_controller_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..29611aec119261644a0ba2cf2c618e46f5ff8d7d
--- /dev/null
+++ b/internal/controller/networkedgedevice_controller_test.go
@@ -0,0 +1,82 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+)
+
+var _ = Describe("NetworkEdgeDevice Controller", func() {
+ Context("When reconciling a resource", func() {
+ const resourceName = "test-resource"
+
+ ctx := context.Background()
+
+ typeNamespacedName := types.NamespacedName{
+ Name: resourceName,
+ Namespace: "default", // TODO(user):Modify as needed
+ }
+ networkedgedevice := &l2smv1.NetworkEdgeDevice{}
+
+ BeforeEach(func() {
+ By("creating the custom resource for the Kind NetworkEdgeDevice")
+ err := k8sClient.Get(ctx, typeNamespacedName, networkedgedevice)
+ if err != nil && errors.IsNotFound(err) {
+ resource := &l2smv1.NetworkEdgeDevice{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: resourceName,
+ Namespace: "default",
+ },
+ // TODO(user): Specify other spec details if needed.
+ }
+ Expect(k8sClient.Create(ctx, resource)).To(Succeed())
+ }
+ })
+
+ AfterEach(func() {
+ // TODO(user): Cleanup logic after each test, like removing the resource instance.
+ resource := &l2smv1.NetworkEdgeDevice{}
+ err := k8sClient.Get(ctx, typeNamespacedName, resource)
+ Expect(err).NotTo(HaveOccurred())
+
+ By("Cleanup the specific resource instance NetworkEdgeDevice")
+ Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
+ })
+ It("should successfully reconcile the resource", func() {
+ By("Reconciling the created resource")
+ controllerReconciler := &NetworkEdgeDeviceReconciler{
+ Client: k8sClient,
+ Scheme: k8sClient.Scheme(),
+ }
+
+ _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{
+ NamespacedName: typeNamespacedName,
+ })
+ Expect(err).NotTo(HaveOccurred())
+ // TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
+ // Example: If you expect a certain status condition after reconciliation, verify it here.
+ })
+ })
+})
diff --git a/internal/controller/overlay_controller.go b/internal/controller/overlay_controller.go
new file mode 100644
index 0000000000000000000000000000000000000000..8ff853f12044a5dd9ad271be4b1a924172108258
--- /dev/null
+++ b/internal/controller/overlay_controller.go
@@ -0,0 +1,378 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "time"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ "github.com/Networks-it-uc3m/L2S-M/internal/utils"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// OverlayReconciler reconciles a Overlay object
+type OverlayReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+}
+
+var replicaSetOwnerKeyOverlay = ".metadata.controller.overlay"
+
+// +kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=replicasets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=overlays,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=overlays/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=l2sm.l2sm.k8s.local,resources=overlays/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the Overlay object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
+func (r *OverlayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+
+ log := log.FromContext(ctx)
+
+ overlay := &l2smv1.Overlay{}
+
+ if err := r.Get(ctx, req.NamespacedName, overlay); err != nil {
+ // we'll ignore not-found errors, since they can't be fixed by an immediate
+ // requeue (we'll need to wait for a new notification), and we can get them
+ // on deleted requests.
+ return ctrl.Result{}, client.IgnoreNotFound(err)
+ }
+
+ // name of our custom finalizer
+
+ // examine DeletionTimestamp to determine if object is under deletion
+ if overlay.ObjectMeta.DeletionTimestamp.IsZero() {
+ // The object is not being deleted, so if it does not have our finalizer,
+ // then lets add the finalizer and update the object. This is equivalent
+ // to registering our finalizer.
+ if !controllerutil.ContainsFinalizer(overlay, l2smFinalizer) {
+ controllerutil.AddFinalizer(overlay, l2smFinalizer)
+ if err := r.Update(ctx, overlay); err != nil {
+ return ctrl.Result{}, err
+ }
+ log.Info("Overlay created", "Overlay", overlay.Name)
+
+ }
+ } else {
+ // The object is being deleted
+ if controllerutil.ContainsFinalizer(overlay, l2smFinalizer) {
+ // our finalizer is present, so lets handle any external dependency
+ // if err := r.deleteExternalResources(ctx, overlay); err != nil {
+ // // if fail to delete the external dependency here, return with error
+ // // so that it can be retried.
+ // return ctrl.Result{}, err
+ // }
+
+ // remove our finalizer from the list and update it.
+ controllerutil.RemoveFinalizer(overlay, l2smFinalizer)
+ if err := r.Update(ctx, overlay); err != nil {
+ return ctrl.Result{}, err
+ }
+
+ }
+ log.Info("Overlay deleted", "Overlay", overlay.Name)
+ // Stop reconciliation as the item is being deleted
+ return ctrl.Result{}, nil
+ }
+
+ var switchReplicaSets appsv1.ReplicaSetList
+ if err := r.List(ctx, &switchReplicaSets, client.InNamespace(req.Namespace), client.MatchingFields{replicaSetOwnerKeyOverlay: req.Name}); err != nil {
+ log.Error(err, "unable to list child ReplicaSets")
+ return ctrl.Result{}, err
+ }
+
+ if len(switchReplicaSets.Items) == 0 {
+ if err := r.createExternalResources(ctx, overlay); err != nil {
+ log.Error(err, "unable to create ReplicaSet")
+ return ctrl.Result{}, err
+ }
+ log.Info("Overlay Launched")
+ return ctrl.Result{RequeueAfter: time.Second * 20}, nil
+ }
+ // else {
+
+ // //b, _ := json.Marshal(netEdgeDevice.Spec.Neighbors)
+
+ // }
+
+ return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *OverlayReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ if err := mgr.GetFieldIndexer().IndexField(context.Background(), &appsv1.ReplicaSet{}, replicaSetOwnerKeyOverlay, func(rawObj client.Object) []string {
+ // grab the replica set object, extract the owner...
+ replicaSet := rawObj.(*appsv1.ReplicaSet)
+ owner := metav1.GetControllerOf(replicaSet)
+ if owner == nil {
+ return nil
+ }
+ // ...make sure it's a ReplicaSet...
+ if owner.APIVersion != apiGVStr || owner.Kind != "Overlay" {
+ return nil
+ }
+
+ // ...and if so, return it
+ return []string{owner.Name}
+ }); err != nil {
+ return err
+ }
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&l2smv1.Overlay{}).
+ Owns(&appsv1.ReplicaSet{}).
+ Complete(r)
+}
+
+// func (r *OverlayReconciler) deleteExternalResources(ctx context.Context, overlay *l2smv1.Overlay) error {
+
+// return nil
+// }
+
+type TopologySwitchJson struct {
+ Nodes []NodeJson `json:"Nodes"`
+ Links []l2smv1.Link `json:"Links"`
+}
+
+type NodeJson struct {
+ Name string `json:"name"`
+ NodeIP string `json:"nodeIP"`
+}
+
+func (r *OverlayReconciler) createExternalResources(ctx context.Context, overlay *l2smv1.Overlay) error {
+
+ // Create a ConfigMap to store the topology JSON
+ constructConfigMapForOverlay := func(overlay *l2smv1.Overlay) (*corev1.ConfigMap, error) {
+
+ // Construct the TopologySwitchJson
+ topologySwitch := TopologySwitchJson{}
+
+ overlayName := overlay.ObjectMeta.Name
+
+ // Populate Nodes
+ for _, nodeName := range overlay.Spec.Topology.Nodes {
+ node := NodeJson{
+ Name: nodeName,
+ NodeIP: fmt.Sprintf("l2sm-switch-%s-%s", overlayName, nodeName),
+ }
+ topologySwitch.Nodes = append(topologySwitch.Nodes, node)
+ }
+
+ // Populate Links
+ topologySwitch.Links = append(topologySwitch.Links, overlay.Spec.Topology.Links...)
+
+ // Convert TopologySwitchJson to JSON
+ topologyJSON, err := json.Marshal(topologySwitch)
+ if err != nil {
+ return nil, err
+ }
+
+ configMap := &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-topology", overlay.Name),
+ Namespace: overlay.Namespace,
+ },
+ Data: map[string]string{
+ "topology.json": string(topologyJSON),
+ },
+ }
+ if err := controllerutil.SetControllerReference(overlay, configMap, r.Scheme); err != nil {
+ return nil, err
+ }
+ return configMap, nil
+ }
+
+ configMap, _ := constructConfigMapForOverlay(overlay)
+
+ // Create the ConfigMap in Kubernetes
+ if err := r.Client.Create(ctx, configMap); err != nil {
+ return err
+ }
+
+ constructNodeResourcesForOverlay := func(overlay *l2smv1.Overlay) ([]*appsv1.ReplicaSet, []*corev1.Service, error) {
+
+ // Define volume mounts to be added to each container
+ volumeMounts := []corev1.VolumeMount{
+ {
+ Name: "topology",
+ MountPath: "/etc/l2sm/",
+ ReadOnly: true,
+ },
+ }
+
+ // Update containers to include the volume mount
+ containers := make([]corev1.Container, len(overlay.Spec.SwitchTemplate.Spec.Containers))
+ for i, container := range overlay.Spec.SwitchTemplate.Spec.Containers {
+ container.VolumeMounts = append(container.VolumeMounts, volumeMounts...)
+ containers[i] = container
+ }
+
+ // Define the volume using the created ConfigMap
+ volumes := []corev1.Volume{
+ {
+ Name: "topology",
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: configMap.Name,
+ },
+ Items: []corev1.KeyToPath{
+ {
+ Key: "topology.json",
+ Path: "topology.json",
+ },
+ },
+ },
+ },
+ },
+ }
+
+ var replicaSets []*appsv1.ReplicaSet
+ var services []*corev1.Service
+
+ for _, node := range overlay.Spec.Topology.Nodes {
+
+ name := fmt.Sprintf("%s-%s-%s", "l2sm-switch", node, utils.GenerateHash(overlay))
+
+ replicaSet := &appsv1.ReplicaSet{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: make(map[string]string),
+ Annotations: make(map[string]string),
+ Name: name,
+ Namespace: overlay.Namespace,
+ },
+ Spec: appsv1.ReplicaSetSpec{
+ Replicas: utils.Int32Ptr(1),
+ Selector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": name,
+ },
+ },
+ Template: corev1.PodTemplateSpec{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: map[string]string{
+ "app": name,
+ },
+ Annotations: map[string]string{
+ "k8s.v1.cni.cncf.io/networks": `[{
+ "name": "veth1", "ips": ["fe80::58d0:b8ff:fe42:debf/64"]
+ }, {
+ "name": "veth2", "ips": ["fe80::58d0:b8ff:fe42:debe/64"]
+ }, {
+ "name": "veth3", "ips": ["fe80::58d0:b8ff:fe42:debd/64"]
+ }, {
+ "name": "veth4", "ips": ["fe80::58d0:b8ff:fe42:debc/64"]
+ }, {
+ "name": "veth5", "ips": ["fe80::58d0:b8ff:fe42:debb/64"]
+ }, {
+ "name": "veth6", "ips": ["fe80::58d0:b8ff:fe42:deba/64"]
+ }, {
+ "name": "veth7", "ips": ["fe80::58d0:b8ff:fe42:deb9/64"]
+ }, {
+ "name": "veth8", "ips": ["fe80::58d0:b8ff:fe42:deb8/64"]
+ }, {
+ "name": "veth9", "ips": ["fe80::58d0:b8ff:fe42:deb7/64"]
+ }, {
+ "name": "veth10", "ips": ["fe80::58d0:b8ff:fe42:deb6/64"]
+ }]`,
+ },
+ },
+ Spec: corev1.PodSpec{
+ InitContainers: overlay.Spec.SwitchTemplate.Spec.InitContainers,
+ Containers: containers,
+ Volumes: volumes,
+ HostNetwork: overlay.Spec.SwitchTemplate.Spec.HostNetwork,
+ NodeName: node,
+ },
+ },
+ },
+ }
+
+ for k, v := range overlay.Spec.SwitchTemplate.Annotations {
+ replicaSet.Annotations[k] = v
+ }
+ for k, v := range overlay.Spec.SwitchTemplate.Labels {
+ replicaSet.Labels[k] = v
+ }
+ if err := controllerutil.SetControllerReference(overlay, replicaSet, r.Scheme); err != nil {
+ return nil, nil, err
+ }
+
+ replicaSets = append(replicaSets, replicaSet)
+
+ // Create a headless service for the ReplicaSet
+ service := &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("l2sm-switch-%s-%s", overlay.Name, node),
+ Namespace: overlay.Namespace,
+ Labels: map[string]string{"app": name},
+ },
+ Spec: corev1.ServiceSpec{
+ ClusterIP: "None",
+ Selector: map[string]string{"app": name},
+ Ports: []corev1.ServicePort{
+ {
+ Name: "http",
+ Port: 80,
+ },
+ },
+ },
+ }
+
+ if err := controllerutil.SetControllerReference(overlay, service, r.Scheme); err != nil {
+ return nil, nil, err
+ }
+
+ services = append(services, service)
+ }
+
+ return replicaSets, services, nil
+ }
+
+ replicaSets, services, err := constructNodeResourcesForOverlay(overlay)
+ if err != nil {
+ return err
+ }
+
+ for _, replicaSet := range replicaSets {
+ if err = r.Client.Create(ctx, replicaSet); err != nil {
+ return err
+ }
+ }
+ for _, service := range services {
+ if err = r.Client.Create(ctx, service); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
diff --git a/internal/controller/overlay_controller_test.go b/internal/controller/overlay_controller_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..342bf15e60bc516a58051788e020383c655c8cf8
--- /dev/null
+++ b/internal/controller/overlay_controller_test.go
@@ -0,0 +1,82 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+)
+
+var _ = Describe("Overlay Controller", func() {
+ Context("When reconciling a resource", func() {
+ const resourceName = "test-resource"
+
+ ctx := context.Background()
+
+ typeNamespacedName := types.NamespacedName{
+ Name: resourceName,
+ Namespace: "default", // TODO(user):Modify as needed
+ }
+ overlay := &l2smv1.Overlay{}
+
+ BeforeEach(func() {
+ By("creating the custom resource for the Kind Overlay")
+ err := k8sClient.Get(ctx, typeNamespacedName, overlay)
+ if err != nil && errors.IsNotFound(err) {
+ resource := &l2smv1.Overlay{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: resourceName,
+ Namespace: "default",
+ },
+ // TODO(user): Specify other spec details if needed.
+ }
+ Expect(k8sClient.Create(ctx, resource)).To(Succeed())
+ }
+ })
+
+ AfterEach(func() {
+ // TODO(user): Cleanup logic after each test, like removing the resource instance.
+ resource := &l2smv1.Overlay{}
+ err := k8sClient.Get(ctx, typeNamespacedName, resource)
+ Expect(err).NotTo(HaveOccurred())
+
+ By("Cleanup the specific resource instance Overlay")
+ Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
+ })
+ It("should successfully reconcile the resource", func() {
+ By("Reconciling the created resource")
+ controllerReconciler := &OverlayReconciler{
+ Client: k8sClient,
+ Scheme: k8sClient.Scheme(),
+ }
+
+ _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{
+ NamespacedName: typeNamespacedName,
+ })
+ Expect(err).NotTo(HaveOccurred())
+ // TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
+ // Example: If you expect a certain status condition after reconciliation, verify it here.
+ })
+ })
+})
diff --git a/internal/controller/pod_controller.go b/internal/controller/pod_controller.go
new file mode 100644
index 0000000000000000000000000000000000000000..93ef743d9d544f10bc09a9ba54630dd3ae5ff071
--- /dev/null
+++ b/internal/controller/pod_controller.go
@@ -0,0 +1,318 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "os"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ "github.com/Networks-it-uc3m/L2S-M/internal/nedinterface"
+ "github.com/Networks-it-uc3m/L2S-M/internal/sdnclient"
+ "github.com/Networks-it-uc3m/L2S-M/internal/utils"
+ "github.com/go-logr/logr"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ nettypes "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
+)
+
+// PodReconciler reconciles a Pod object
+type PodReconciler struct {
+ client.Client
+ Log logr.Logger
+
+ Scheme *runtime.Scheme
+ SwitchesNamespace string
+ InternalClient sdnclient.Client
+}
+
+//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the Pod object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
+func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ logger := log.FromContext(ctx)
+
+ pod := &corev1.Pod{}
+ err := r.Get(ctx, req.NamespacedName, pod)
+ if err != nil {
+ // Error reading the object - requeue the request.
+ return ctrl.Result{}, client.IgnoreNotFound(err)
+ }
+
+ // Check if the 'l2sm/network' annotation is present. If not, we are not interested in this pod.
+ if _, ok := pod.GetAnnotations()[L2SM_NETWORK_ANNOTATION]; !ok {
+ return ctrl.Result{}, nil
+
+ }
+
+ // Ensure the Multus annotation is correctly formatted and present
+
+ // Check if the pod is being deleted
+ if pod.GetDeletionTimestamp() != nil {
+ if utils.ContainsString(pod.GetFinalizers(), l2smFinalizer) {
+ logger.Info("L2S-M Pod deleted: detaching l2network")
+
+ // If the pod is being deleted, we should free the interface, both the net-attach-def crd and the openflow port.
+ // This is done for each interface in the pod.
+ // multusAnnotations, ok := pod.Annotations[MULTUS_ANNOTATION_KEY]
+
+ // if !ok {
+ // logger.Error(nil, "Error detaching the pod from the network attachment definitions")
+ // }
+
+ // multusNetAttachDefinitions, err := extractNetworks(pod.Annotations[multusAnnotations], r.SwitchesNamespace)
+
+ // if err != nil {
+ // logger.Error(nil, "Error detaching the pod from the network attachment definitions")
+ // }
+
+ // for _, multusNetAttachDef := range multusNetAttachDefinitions {
+
+ // fmt.Println(multusNetAttachDef)
+ // // We liberate the specific attachment from the node, so it can be used again
+ // //r.DetachNetAttachDef(ctx, multusNetAttachDef, r.SwitchesNamespace)
+
+ // // We liberate the port in the onos app
+ // //r.InternalClient.DetachPodFromNetwork("vnet",multusNetAttachDef)
+ // }
+
+ // Remove our finalizer from the list and update it.
+ pod.SetFinalizers(utils.RemoveString(pod.GetFinalizers(), l2smFinalizer))
+ if err := r.Update(ctx, pod); err != nil {
+ return ctrl.Result{}, err
+ }
+ // Stop reconciliation as the item is being deleted
+ return ctrl.Result{}, nil
+ }
+ // Stop reconciliation as the item is being deleted
+ return ctrl.Result{}, nil
+ }
+
+ // Check if the pod has a finalizer attached to it. If not, we asume this pod is being created,
+ // so we attach the l2network to it.
+ if !utils.ContainsString(pod.GetFinalizers(), l2smFinalizer) {
+ // We add the finalizers now that the pod has been added to the network and we want to keep track of it
+ pod.SetFinalizers(append(pod.GetFinalizers(), l2smFinalizer))
+ if err := r.Update(ctx, pod); err != nil {
+ return ctrl.Result{}, err
+ }
+ logger.Info("L2S-M Pod created: attaching to l2network")
+
+ // We extract the network names and ip adresses desired for our pod.
+ networkAnnotations, err := extractNetworks(pod.Annotations[L2SM_NETWORK_ANNOTATION], r.SwitchesNamespace)
+
+ // If there's an error, probably the user did input wrongfully the networks, in this case throw an error.
+ if err != nil {
+ logger.Error(err, "l2 networks could not be extracted from the pods annotations")
+ return ctrl.Result{}, err
+ }
+
+ // We get an array of the existing L2Networks the pod's being associated to.
+ networks, err := GetL2Networks(ctx, r.Client, networkAnnotations)
+
+ // If there's an error, it mayu be that the network is not yet created ornot available. In this case,
+ // we don't let the pod create itself, and wait until the l2network is created and/or available
+ if err != nil {
+
+ logger.Error(nil, "Pod's network annotation incorrect. L2Network not attached.")
+ // return admission.Allowed("Pod's network annotation incorrect. L2Network not attached.")
+ return ctrl.Result{}, err
+
+ }
+
+ // Add the pod interfaces to the sdn controller
+ multusAnnotations, ok := pod.Annotations[MULTUS_ANNOTATION_KEY]
+
+ if !ok {
+ logger.Error(nil, "Error detaching the pod from the network attachment definitions")
+ return ctrl.Result{}, nil
+ }
+
+ // We get which interfaces are we using inside the pod, so we can later attach them to the sdn controller
+ multusNetAttachDefinitions, err := extractNetworks(multusAnnotations, r.SwitchesNamespace)
+
+ // If there are not the same number of multus annotations as networks, we need to throw an error as we can't
+ // reach the desired state for the user.
+ if err != nil || len(multusNetAttachDefinitions) != len(networkAnnotations) {
+ logger.Error(nil, "Error detaching the pod from the network attachment definitions")
+ return ctrl.Result{}, nil
+ }
+
+ // Now, for every network, we make a call to the sdn controller, asking for the attachment to the switch
+ // We get the openflow ID of the switch that this pod is connected to.
+ ofID := fmt.Sprintf("of:%s", utils.GenerateDatapathID(pod.Spec.NodeName))
+
+ for index, network := range networks {
+ // We get the port number based on the name of the multus annotation. veth1 -> port num 1.
+ portNumber, err := utils.GetPortNumberFromNetAttachDef(multusNetAttachDefinitions[index].Name)
+
+ if err != nil {
+ // If there is an error, it must be that the name is not compliant, so we can't be certain of which
+ // port we are trying to attach.
+ return ctrl.Result{}, fmt.Errorf("could not get port number from the multus network annotation: %v. Can't attach pod to network", err)
+ }
+ ofPort := fmt.Sprintf("%s/%s", ofID, portNumber)
+
+ // we inform the sdn controller of this new port attachment
+ err = r.InternalClient.AttachPodToNetwork("vnets", sdnclient.VnetPortPayload{NetworkId: network.Name, Port: []string{ofPort}})
+ if err != nil {
+ logger.Error(err, "Error attaching pod to the l2network")
+ return ctrl.Result{}, nil
+ }
+ // If the L2Network is of type inter-domain (has a provider), attach the associated NED
+ // and communicate with it
+ if network.Spec.Provider != nil {
+ logger.Info("Attaching pod to the external sdn controller")
+ // First we get information from the NED, required to perform the next operations.
+ // The info we need is the node name it is residing in.
+ ned, err := nedinterface.GetNetworkEdgeDevice(ctx, r.Client, network.Spec.Provider.Name)
+
+ if err != nil {
+ fmt.Printf("error getting NED: %v", err)
+ return ctrl.Result{}, nil
+
+ }
+ // Then, we create the connection between the NED and the l2sm-switch, in the internal SDN Controller
+ nedNetworkAttachDef, err := r.ConnectInternalSwitchToNED(ctx, network.Name, ned.Spec.NodeConfig.NodeName)
+ if err != nil {
+ fmt.Printf("error connecting NED: %v", err)
+ return ctrl.Result{}, nil
+ }
+ // We attach the ned to this new network, connecting with the IDCO SDN Controller. We need
+ // The Network name so we can know which network to attach the port to.
+ // The multus network attachment definition that will be used as a bridge between the internal switch and the NED.
+ bridgeName, err := utils.GetPortNumberFromNetAttachDef(nedNetworkAttachDef.Name)
+ if err != nil {
+ // If there is an error, it must be that the name is not compliant, so we can't be certain of which
+ // port we are trying to attach.
+ return ctrl.Result{}, fmt.Errorf("could not get port number from the multus network annotation: %v. Can't attach pod to network", err)
+ }
+ err = r.CreateNewNEDConnection(network, fmt.Sprintf("br%s", bridgeName), ned)
+ if err != nil {
+ fmt.Printf("error attaching NED to the l2network: %v", err)
+
+ return ctrl.Result{}, nil
+ }
+ logger.Info("Connected pod to inter-domain network")
+
+ }
+ }
+
+ }
+
+ return ctrl.Result{}, nil
+
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ var err error
+ // Initialize the InternalClient with the base URL of the SDN controller
+ clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s:%s/onos", os.Getenv("CONTROLLER_IP"), os.Getenv("CONTROLLER_PORT")), Username: "karaf", Password: "karaf"}
+
+ r.InternalClient, err = sdnclient.NewClient(sdnclient.InternalType, clientConfig)
+ if err != nil {
+ r.Log.Error(err, "failed to initiate session with sdn controller")
+ return err
+ }
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&corev1.Pod{}).
+ Complete(r)
+}
+
+// CreateNEDConnection is a method that given the name of the network and the
+func (r *PodReconciler) CreateNewNEDConnection(network l2smv1.L2Network, nedNetworkAttachDef string, ned l2smv1.NetworkEdgeDevice) error {
+
+ clientConfig := sdnclient.ClientConfig{BaseURL: fmt.Sprintf("http://%s/onos", network.Spec.Provider.Domain), Username: "karaf", Password: "karaf"}
+
+ fmt.Println(clientConfig)
+ externalClient, err := sdnclient.NewClient(sdnclient.InternalType, clientConfig)
+
+ if err != nil {
+ return fmt.Errorf("no connection could be made with external sdn controller: %s", err)
+
+ }
+ // AddPort returns the port number to attach so we can talk directly with the IDCO
+ // It needs to know which exiting interface to add to the network
+ nedPortNumber, err := nedinterface.AttachInterface(fmt.Sprintf("%s:50051", ned.Spec.NodeConfig.IPAddress), nedNetworkAttachDef)
+
+ if err != nil {
+ return fmt.Errorf("no connection could be made with ned: %v", err)
+ }
+
+ nedOFID := fmt.Sprintf("of:%s", utils.GenerateDatapathID(utils.GetBridgeName(utils.BridgeParams{NodeName: ned.Spec.NodeConfig.NodeName, ProviderName: network.Spec.Provider.Name})))
+ nedOFPort := fmt.Sprintf("%s/%s", nedOFID, nedPortNumber)
+
+ err = externalClient.AttachPodToNetwork(network.Spec.Type, sdnclient.VnetPortPayload{NetworkId: network.Name, Port: []string{nedOFPort}})
+ if err != nil {
+ return errors.Join(err, errors.New("could not update network attachment definition"))
+
+ }
+ return nil
+}
+
+func (r *PodReconciler) ConnectInternalSwitchToNED(ctx context.Context, networkName, nedNodeName string) (nettypes.NetworkAttachmentDefinition, error) {
+
+ // We get a free interface in the node name of the NED, this way we can interconnect the NED with the l2sm switch
+ var err error
+ netAttachDefLabel := NET_ATTACH_LABEL_PREFIX + nedNodeName
+ netAttachDefs := GetFreeNetAttachDefs(ctx, r.Client, r.SwitchesNamespace, netAttachDefLabel)
+
+ if len(netAttachDefs.Items) == 0 {
+ err = errors.New("no interfaces available in control plane node")
+ //logger.Error(err, fmt.Sprintf("No interfaces available for node %s", gatewayNodeName))
+ return nettypes.NetworkAttachmentDefinition{}, err
+ }
+
+ netAttachDef := &netAttachDefs.Items[0]
+
+ portNumber, _ := utils.GetPortNumberFromNetAttachDef(netAttachDef.Name)
+
+ internalSwitchOFID := fmt.Sprintf("of:%s", utils.GenerateDatapathID(nedNodeName))
+
+ internalSwitchOFPort := fmt.Sprintf("%s/%s", internalSwitchOFID, portNumber)
+
+ err = r.InternalClient.AttachPodToNetwork("vnets", sdnclient.VnetPortPayload{NetworkId: networkName, Port: []string{internalSwitchOFPort}})
+
+ if err != nil {
+ return nettypes.NetworkAttachmentDefinition{}, fmt.Errorf("could not make a connection between the internal switch and the NED. Internal SDN controller error: %s", err)
+
+ }
+
+ netAttachDef.Labels[netAttachDefLabel] = "true"
+ err = r.Client.Update(ctx, netAttachDef)
+ if err != nil {
+ return nettypes.NetworkAttachmentDefinition{}, fmt.Errorf("could not update network attachment definition: %s", err)
+
+ }
+
+ return *netAttachDef, nil
+}
diff --git a/internal/controller/pod_controller_te b/internal/controller/pod_controller_te
new file mode 100644
index 0000000000000000000000000000000000000000..8d3860de493b6513b299ba667d57c4af63dc9335
--- /dev/null
+++ b/internal/controller/pod_controller_te
@@ -0,0 +1,32 @@
+// /*
+// Copyright 2024.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// */
+
+// package controller
+
+// import (
+// . "github.com/onsi/ginkgo/v2"
+// )
+
+// var _ = Describe("Pod Controller", func() {
+// Context("When reconciling a resource", func() {
+
+// It("should successfully reconcile the resource", func() {
+
+// // TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
+// // Example: If you expect a certain status condition after reconciliation, verify it here.
+// })
+// })
+// })
diff --git a/internal/controller/pod_utils.go b/internal/controller/pod_utils.go
new file mode 100644
index 0000000000000000000000000000000000000000..3b0d20f13009353dbb0c1aca2db3422ef25d0204
--- /dev/null
+++ b/internal/controller/pod_utils.go
@@ -0,0 +1,156 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "math/rand"
+ "strings"
+ "time"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ nettypes "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apimachinery/pkg/selection"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+ NET_ATTACH_LABEL_PREFIX = "used-"
+ L2SM_NETWORK_ANNOTATION = "l2sm/networks"
+ MULTUS_ANNOTATION_KEY = "k8s.v1.cni.cncf.io/networks"
+)
+
+type NetworkAnnotation struct {
+ Name string `json:"name"`
+ Namespace string `json:"namespace,omitempty"`
+ IPAdresses []string `json:"ips,omitempty"`
+}
+
+func extractNetworks(annotations, namespace string) ([]NetworkAnnotation, error) {
+
+ var networks []NetworkAnnotation
+ err := json.Unmarshal([]byte(annotations), &networks)
+ if err != nil {
+ // If unmarshalling fails, treat as comma-separated list
+ names := strings.Split(annotations, ",")
+
+ for _, name := range names {
+ name = strings.TrimSpace(name)
+ if name != "" {
+ networks = append(networks, NetworkAnnotation{Name: name})
+ }
+ }
+ }
+
+ // Iterate over the networks to check if any IPAddresses are missing
+ for i := range networks {
+ if len(networks[i].IPAdresses) == 0 {
+ // Call GenerateIPv6Address if IPAddresses are missing
+ networks[i].GenerateIPv6Address()
+ }
+ networks[i].Namespace = namespace
+ }
+ return networks, nil
+}
+
+func GetL2Networks(ctx context.Context, c client.Client, networks []NetworkAnnotation) ([]l2smv1.L2Network, error) {
+ // List all L2Networks
+ l2Networks := &l2smv1.L2NetworkList{}
+ if err := c.List(ctx, l2Networks); err != nil {
+ return []l2smv1.L2Network{}, err
+ }
+
+ // Create a map of existing L2Network names to L2Network objects for quick lookup
+ existingNetworks := make(map[string]l2smv1.L2Network)
+ for _, network := range l2Networks.Items {
+ existingNetworks[network.Name] = network
+ }
+
+ // Collect the L2Networks that match the requested networks
+ var result l2smv1.L2NetworkList
+ for _, net := range networks {
+ if l2net, exists := existingNetworks[net.Name]; exists {
+ result.Items = append(result.Items, l2net)
+ } else {
+ return result.Items, fmt.Errorf("network %s doesn't exist", net.Name)
+ }
+ }
+
+ return result.Items, nil
+}
+
+func GetFreeNetAttachDefs(ctx context.Context, c client.Client, switchesNamespace, label string) nettypes.NetworkAttachmentDefinitionList {
+
+ // We define the network attachment definition list that will be later filled.
+ freeNetAttachDef := &nettypes.NetworkAttachmentDefinitionList{}
+
+ // We specify which net-attach-def we want. We want the ones that are specific to l2sm, in the overlay namespace and available in the desired node.
+ nodeSelector := labels.NewSelector()
+
+ nodeRequirement, _ := labels.NewRequirement(label, selection.NotIn, []string{"true"})
+ l2smRequirement, _ := labels.NewRequirement("app", selection.Equals, []string{"l2sm"})
+
+ nodeSelector.Add(*nodeRequirement)
+ nodeSelector.Add(*l2smRequirement)
+
+ listOptions := client.ListOptions{LabelSelector: nodeSelector, Namespace: switchesNamespace}
+
+ // We get the net-attach-def with the corresponding list options
+ c.List(ctx, freeNetAttachDef, &listOptions)
+ return *freeNetAttachDef
+
+}
+
+func (network *NetworkAnnotation) GenerateIPv6Address() {
+ rand.Seed(time.Now().UnixNano())
+
+ // Generating the interface ID (64 bits)
+ interfaceID := rand.Uint64()
+
+ // Formatting to a 16 character hexadecimal string
+ interfaceIDHex := fmt.Sprintf("%016x", interfaceID)
+
+ // Constructing the full IPv6 address in the fe80::/64 range
+ ipv6Address := fmt.Sprintf("fe80::%s:%s:%s:%s/64",
+ interfaceIDHex[:4], interfaceIDHex[4:8], interfaceIDHex[8:12], interfaceIDHex[12:])
+
+ network.IPAdresses = append(network.IPAdresses, ipv6Address)
+
+}
+func multusAnnotationToString(multusAnnotations []NetworkAnnotation) string {
+ jsonData, err := json.Marshal(multusAnnotations)
+ if err != nil {
+ return ""
+ }
+ return string(jsonData)
+}
+
+func (r *PodReconciler) DetachNetAttachDef(ctx context.Context, multusNetAttachDef NetworkAnnotation, namespace string) error {
+
+ netAttachDef := &nettypes.NetworkAttachmentDefinition{}
+ err := r.Get(ctx, client.ObjectKey{
+ Name: multusNetAttachDef.Name,
+ Namespace: namespace,
+ }, netAttachDef)
+ if err != nil {
+ return err
+ }
+ err = r.Delete(ctx, netAttachDef)
+ return err
+
+}
diff --git a/internal/controller/pod_webhook.go b/internal/controller/pod_webhook.go
new file mode 100644
index 0000000000000000000000000000000000000000..641a965aa89acb5312060d52a0a1019aba5075b9
--- /dev/null
+++ b/internal/controller/pod_webhook.go
@@ -0,0 +1,120 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controller
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "net/http"
+
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ corev1 "k8s.io/api/core/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io
+type PodAnnotator struct {
+ Client client.Client
+ Decoder *admission.Decoder
+ SwitchesNamespace string
+}
+
+func (a *PodAnnotator) Handle(ctx context.Context, req admission.Request) admission.Response {
+ log := log.FromContext(ctx)
+ log.Info("Registering pod")
+
+ // First we decode the pod
+ pod := &corev1.Pod{}
+ err := a.Decoder.Decode(req, pod)
+ if err != nil {
+ log.Error(err, "Error decoding pod")
+ return admission.Errored(http.StatusBadRequest, err)
+ }
+ if pod.Spec.NodeName == "" {
+ return admission.Errored(http.StatusBadRequest, fmt.Errorf("pod hasn't got a node assigned to it"))
+ }
+
+ // Check if the pod has the annotation l2sm/networks. This webhook operation only will happen if so. Else, it will just
+ // let the creation begin.
+ if annot, ok := pod.Annotations[L2SM_NETWORK_ANNOTATION]; ok {
+ if _, ok := pod.Annotations[MULTUS_ANNOTATION_KEY]; ok {
+ return admission.Allowed("Pod already using multus cni plugin")
+ }
+ netAttachDefLabel := NET_ATTACH_LABEL_PREFIX + pod.Spec.NodeName
+ // We extract which networks the user intends to attach the pod to. If there is any error, or the
+ // Networks aren't created, the pod will be set as errored, until a network is created.
+ networks, err := extractNetworks(annot, a.SwitchesNamespace)
+ if err != nil {
+ log.Error(err, "L2S-M Network annotations could not be extracted")
+ return admission.Errored(http.StatusInternalServerError, err)
+ }
+
+ if _, err := GetL2Networks(ctx, a.Client, networks); err != nil {
+ log.Info("Pod's network annotation incorrect. L2Network not attached.")
+ // return admission.Allowed("Pod's network annotation incorrect. L2Network not attached.")
+
+ }
+
+ // We get the available network attachment definitions. These are interfaces attached to the switches, so
+ // by using labelling, we can know which interfaces the switch has.
+ var multusAnnotations []NetworkAnnotation
+ netAttachDefs := GetFreeNetAttachDefs(ctx, a.Client, a.SwitchesNamespace, netAttachDefLabel)
+
+ // If there are no available network attachment definitions, we can't attach the pod to the desired networks
+ // So, we launch an error.
+ if len(netAttachDefs.Items) < len(networks) {
+ log.Info(fmt.Sprintf("No interfaces available for node %s", pod.Spec.NodeName))
+ return admission.Allowed("No interfaces available for node")
+ }
+
+ // Now we create the multus annotations, by using the network attachment definition name
+ // And the desired IP address.
+ for index, network := range networks {
+
+ netAttachDef := &netAttachDefs.Items[index]
+ newAnnotation := NetworkAnnotation{Name: netAttachDef.Name, IPAdresses: network.IPAdresses, Namespace: a.SwitchesNamespace}
+ netAttachDef.Labels[netAttachDefLabel] = "true"
+
+ err = a.Client.Update(ctx, netAttachDef)
+ if err != nil {
+ log.Error(err, "Could not update network attachment definition")
+
+ }
+ multusAnnotations = append(multusAnnotations, newAnnotation)
+ }
+ pod.Annotations[MULTUS_ANNOTATION_KEY] = multusAnnotationToString(multusAnnotations)
+
+ // pod.Annotations["k8s.v1.cni.cncf.io/networks"] = `[{"name": "veth10","ips": ["10.0.0.1/24"]}]`
+ log.Info("Pod assigned to the l2networks")
+
+ marshaledPod, err := json.Marshal(pod)
+ if err != nil {
+ log.Error(err, "Error marshaling pod")
+ return admission.Errored(http.StatusInternalServerError, err)
+ }
+ return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod)
+
+ }
+ return admission.Allowed("Pod not using l2sm networks")
+
+}
+
+func (a *PodAnnotator) InjectDecoder(d *admission.Decoder) error {
+ a.Decoder = d
+ return nil
+}
diff --git a/l2sm-api-resources/internal/controller/suite_test.go b/internal/controller/suite_test.go
similarity index 72%
rename from l2sm-api-resources/internal/controller/suite_test.go
rename to internal/controller/suite_test.go
index d6553f74e864183a5793c8853c54ec8106f34519..52623dc245d308d8ea304c4de00e69b3ddbbef65 100644
--- a/l2sm-api-resources/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package controller
import (
@@ -35,7 +32,7 @@ import (
corev1 "k8s.io/api/core/v1"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
//+kubebuilder:scaffold:imports
)
diff --git a/internal/nedinterface/nedinterface.go b/internal/nedinterface/nedinterface.go
new file mode 100644
index 0000000000000000000000000000000000000000..cd35f8f6afc37b2bc019c9018a6545c44b33276c
--- /dev/null
+++ b/internal/nedinterface/nedinterface.go
@@ -0,0 +1,76 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package nedinterface
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials/insecure"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+ nedpb "github.com/Networks-it-uc3m/l2sm-switch/pkg/nedpb"
+)
+
+// GetConnectionInfo communicates with the NED via gRPC and returns the InterfaceNum and NodeName.
+func AttachInterface(nedAddress, nedNetworkAttachDef string) (string, error) {
+
+ // Set up a connection to the server.
+ client, err := grpc.NewClient(nedAddress, grpc.WithTransportCredentials(insecure.NewCredentials()))
+ if err != nil {
+ return "", fmt.Errorf("did not connect: %v", err)
+ }
+
+ defer client.Close()
+
+ c := nedpb.NewNedServiceClient(client)
+
+ // Set a timeout for the context
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+ defer cancel()
+
+ // Now call AttachInterface
+ attachReq := &nedpb.AttachInterfaceRequest{
+ InterfaceName: nedNetworkAttachDef,
+ }
+
+ attachRes, err := c.AttachInterface(ctx, attachReq)
+ if err != nil {
+ return "", fmt.Errorf("could not attach interface: %v", err)
+ }
+
+ return fmt.Sprint(attachRes.GetInterfaceNum()), nil
+}
+
+func GetNetworkEdgeDevice(ctx context.Context, c client.Client, providerName string) (l2smv1.NetworkEdgeDevice, error) {
+ neds := &l2smv1.NetworkEdgeDeviceList{}
+
+ if err := c.List(ctx, neds); err != nil {
+ return l2smv1.NetworkEdgeDevice{}, fmt.Errorf("failed to list NetworkEdgeDevices: %w", err)
+ }
+
+ for _, ned := range neds.Items {
+ if ned.Spec.NetworkController.Name == providerName {
+ // Return the first matching device
+ return ned, nil
+ }
+ }
+
+ // Return a clearer message indicating the provider was not found.
+ return l2smv1.NetworkEdgeDevice{}, fmt.Errorf("no NetworkEdgeDevice found for provider: %s", providerName)
+}
diff --git a/l2sm-api-resources/internal/sdnclient/client.go b/internal/sdnclient/client.go
similarity index 57%
rename from l2sm-api-resources/internal/sdnclient/client.go
rename to internal/sdnclient/client.go
index 3e1f1db99eb3535412b324f9bdad451d118fc89d..ff6736cab25d085ade2fc705735b098312ed1b1a 100644
--- a/l2sm-api-resources/internal/sdnclient/client.go
+++ b/internal/sdnclient/client.go
@@ -1,26 +1,23 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package sdnclient
import (
"errors"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
)
type ClientType string
@@ -35,6 +32,7 @@ type Client interface {
CreateNetwork(networkType l2smv1.NetworkType, config interface{}) error
DeleteNetwork(networkType l2smv1.NetworkType, networkID string) error
CheckNetworkExists(networkType l2smv1.NetworkType, networkID string) (bool, error)
+ AttachPodToNetwork(networkType l2smv1.NetworkType, config interface{}) error
}
type ClientConfig struct {
@@ -54,7 +52,7 @@ func NewClient(clientType ClientType, config ClientConfig) (Client, error) {
}
return client, nil
case ExternalType:
- client := &ExternalClient{Session: sessionClient} // Adjust ExternalClient struct accordingly
+ client := &ExternalClient{Session: sessionClient}
if !client.beginSessionController() {
return nil, errors.New("could not initialize session with SDN controller. Please check the connection details and credentials.")
}
diff --git a/l2sm-api-resources/internal/sdnclient/external_client.go b/internal/sdnclient/external_client.go
similarity index 62%
rename from l2sm-api-resources/internal/sdnclient/external_client.go
rename to internal/sdnclient/external_client.go
index 6e98a4333edeadfefe24df595510ac146aef68fd..ecd9f7751601c67a939228eba0f9a808bbe5ba9f 100644
--- a/l2sm-api-resources/internal/sdnclient/external_client.go
+++ b/internal/sdnclient/external_client.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package sdnclient
import (
@@ -22,7 +19,7 @@ import (
"fmt"
"net/http"
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
)
// ExternalClient is part of the Client interface, and implements the SessionClient, which is a wrapper of the http function
@@ -89,3 +86,23 @@ func (c *ExternalClient) DeleteNetwork(networkType l2smv1.NetworkType, networkID
return nil
}
+
+// AttachPodToNetwork attaches a pod to a network, using the configuration file
+func (c *ExternalClient) AttachPodToNetwork(networkType l2smv1.NetworkType, config interface{}) error {
+
+ // jsonData, err := json.Marshal(config)
+ // if err != nil {
+ // return err
+ // }
+ // response, err := c.Session.Post("/idco/mscs", jsonData)
+ // if err != nil {
+ // return err
+ // }
+ // defer response.Body.Close()
+
+ // if response.StatusCode != http.StatusNoContent {
+ // return fmt.Errorf("failed to create network, status code: %d", response.StatusCode)
+ // }
+
+ return nil
+}
diff --git a/internal/sdnclient/internal_client.go b/internal/sdnclient/internal_client.go
new file mode 100644
index 0000000000000000000000000000000000000000..856bef0cac2ade2d0bd0992c5c44e98a931a1c2c
--- /dev/null
+++ b/internal/sdnclient/internal_client.go
@@ -0,0 +1,141 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sdnclient
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/http"
+
+ l2smv1 "github.com/Networks-it-uc3m/L2S-M/api/v1"
+)
+
+// InternalClient is part of the Client interface, and implements the SessionClient, which is a wrapper of the http function.
+// this type of client is for the specific l2sm-controller onos app, which manages intra cluster networks.
+type InternalClient struct {
+ Session *SessionClient
+}
+
+type VnetPayload struct {
+ NetworkId string `json:"networkId"`
+}
+type VnetPortPayload struct {
+ NetworkId string `json:"networkId"`
+ Port []string `json:"networkEndpoints,omitempty"`
+}
+
+func (c *InternalClient) beginSessionController() bool {
+ resp, err := c.Session.Get("/vnets/api/status")
+
+ if err != nil {
+ fmt.Println(err)
+ return false
+ }
+ defer resp.Body.Close()
+ // Check if the status code indicates success (HTTP 200 OK).
+ return resp.StatusCode == http.StatusOK
+}
+
+// CreateNetwork creates a new network in the SDN controller
+func (c *InternalClient) CreateNetwork(networkType l2smv1.NetworkType, config interface{}) error {
+
+ //TODO: Remove hard-code
+ networkType = "vnets"
+ jsonData, err := json.Marshal(config)
+ if err != nil {
+ return err
+ }
+ response, err := c.Session.Post(fmt.Sprintf("/%s/api", networkType), jsonData)
+ if err != nil {
+ return err
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusNoContent {
+ return fmt.Errorf("failed to create network, status code: %d", response.StatusCode)
+ }
+
+ return nil
+}
+
+// CheckNetworkExists checks if the specified network exists in the SDN controller
+func (c *InternalClient) CheckNetworkExists(networkType l2smv1.NetworkType, networkID string) (bool, error) {
+ networkType = "vnets"
+
+ response, err := c.Session.Get(fmt.Sprintf("/%s/api/%s", networkType, networkID))
+ if err != nil {
+ return false, err
+ }
+ defer response.Body.Close()
+
+ return response.StatusCode == http.StatusOK, nil
+}
+
+// DeleteNetwork deletes an existing network from the SDN controller
+func (c *InternalClient) DeleteNetwork(networkType l2smv1.NetworkType, networkID string) error {
+ networkType = "vnets"
+
+ response, err := c.Session.Delete(fmt.Sprintf("/%s/api/%s", networkType, networkID))
+ if err != nil {
+ return err
+ }
+
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusNoContent {
+ return fmt.Errorf("SDN controller responded with status code: %d", response.StatusCode)
+ }
+
+ return nil
+}
+
+// AttachPodToNetwork checks if the specified network exists in the SDN controller
+func (c *InternalClient) AttachPodToNetwork(networkType l2smv1.NetworkType, config interface{}) error {
+
+ networkType = "vnets"
+ jsonData, err := json.Marshal(config)
+ if err != nil {
+ return err
+ }
+ response, err := c.Session.Post(fmt.Sprintf("/%s/api/port", networkType), jsonData)
+ if err != nil {
+ return err
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusNoContent {
+ return fmt.Errorf("failed to create network, status code: %d", response.StatusCode)
+ }
+
+ return nil
+}
+
+// DetachPodFromNetwork detaches the pod from the network, so it can be used in the future
+// TODO: Implement in onos
+func (c *InternalClient) DetachPodFromNetwork(networkType l2smv1.NetworkType, portID string) error {
+
+ // networkType = "vnets"
+ // response, err := c.Session.Delete(fmt.Sprintf("%s/api/port/%s", networkType,portID))
+ // if err != nil {
+ // return err
+ // }
+ // defer response.Body.Close()
+
+ // if response.StatusCode != http.StatusNoContent {
+ // return fmt.Errorf("failed to create network, status code: %d", response.StatusCode)
+ // }
+
+ return nil
+}
diff --git a/l2sm-api-resources/internal/sdnclient/session_client.go b/internal/sdnclient/session_client.go
similarity index 70%
rename from l2sm-api-resources/internal/sdnclient/session_client.go
rename to internal/sdnclient/session_client.go
index d1a70e190d95e80406d17bb73729437e93a45427..cc69eab4f36b8d85ae102f3eb6880bd74875c54b 100644
--- a/l2sm-api-resources/internal/sdnclient/session_client.go
+++ b/internal/sdnclient/session_client.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package sdnclient
import (
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
new file mode 100644
index 0000000000000000000000000000000000000000..943540c09003422123f3df4b119a79e06aa9e4f9
--- /dev/null
+++ b/internal/utils/utils.go
@@ -0,0 +1,135 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package utils
+
+import (
+ "bytes"
+ "crypto/sha1"
+ "crypto/sha256"
+ "encoding/hex"
+ "fmt"
+ "strings"
+
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/serializer/json"
+)
+
+// ContainsString checks if a string is present in a slice.
+func ContainsString(slice []string, s string) bool {
+ for _, item := range slice {
+ if item == s {
+ return true
+ }
+ }
+ return false
+}
+
+// RemoveString removes a string from a slice.
+func RemoveString(slice []string, s string) []string {
+ var result []string
+ for _, item := range slice {
+ if item != s {
+ result = append(result, item)
+ }
+ }
+ return result
+}
+
+func Int32Ptr(i int32) *int32 { return &i }
+
+func GenerateHash(obj runtime.Object) string {
+ // Serializer that handles runtime.Objects specifically for Kubernetes
+ s := json.NewSerializerWithOptions(json.DefaultMetaFactory, nil, nil, json.SerializerOptions{Yaml: false, Pretty: false, Strict: true})
+
+ // Create a buffer to hold the JSON data
+ var b bytes.Buffer
+
+ // Encode the object to JSON; handle runtime objects appropriately
+ err := s.Encode(obj, &b)
+ if err != nil {
+ return ""
+ }
+
+ // Compute the SHA-1 hash of the JSON representation
+ hash := sha1.Sum(b.Bytes())
+ return hex.EncodeToString(hash[:5])
+}
+
+func SpecToJson(obj runtime.Object) bytes.Buffer {
+ s := json.NewSerializerWithOptions(json.DefaultMetaFactory, nil, nil, json.SerializerOptions{Yaml: false, Pretty: false, Strict: true})
+
+ // Create a buffer to hold the JSON data
+ var b bytes.Buffer
+
+ // Encode the object to JSON; handle runtime objects appropriately
+ s.Encode(obj, &b)
+
+ return b
+}
+
+// GetPortNumberFromNetAttachDef extracts the port number from the network attachment name.
+func GetPortNumberFromNetAttachDef(netAttachName string) (string, error) {
+ const keyword = "veth"
+
+ // Check if the keyword exists in the netAttachName
+ index := strings.Index(netAttachName, keyword)
+ if index == -1 {
+ return "", fmt.Errorf("keyword '%s' not found in network attachment name", keyword)
+ }
+
+ // Extract the port number after the keyword
+ portNumber := netAttachName[index+len(keyword):]
+ if portNumber == "" {
+ return "", fmt.Errorf("port number not found after keyword '%s'", keyword)
+ }
+
+ return portNumber, nil
+}
+
+// generateDatapathID generates a datapath ID from the switch name
+func GenerateDatapathID(switchName string) string {
+ // Create a new SHA256 hash object
+ hash := sha256.New()
+
+ // Write the switch name to the hash object
+ hash.Write([]byte(switchName))
+
+ // Get the hashed bytes
+ hashedBytes := hash.Sum(nil)
+
+ // Take the first 8 bytes of the hash to create a 64-bit ID
+ dpidBytes := hashedBytes[:8]
+
+ // Convert the bytes to a hexadecimal string
+ dpid := hex.EncodeToString(dpidBytes)
+
+ return dpid
+}
+
+type BridgeParams struct {
+ NodeName string
+ ProviderName string
+}
+
+func GetBridgeName(params BridgeParams) string {
+ hash := sha256.New()
+ hash.Write([]byte(fmt.Sprintf("%s%s", params.NodeName, params.ProviderName)))
+ hashedBytes := hash.Sum(nil)
+ dpidBytes := hashedBytes[:4]
+
+ // Convert the bytes to a hexadecimal string
+ dpid := hex.EncodeToString(dpidBytes)
+ return fmt.Sprintf("br-%s", dpid)
+}
diff --git a/l2sm-api-resources/.dockerignore b/l2sm-api-resources/.dockerignore
deleted file mode 100644
index a3aab7af70cd8a107975af478bf654d0ca540384..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/.dockerignore
+++ /dev/null
@@ -1,3 +0,0 @@
-# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
-# Ignore build and test binaries.
-bin/
diff --git a/l2sm-api-resources/.gitignore b/l2sm-api-resources/.gitignore
deleted file mode 100644
index 7a7feec5045888cd18e277b2111fc7d209e7711e..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/.gitignore
+++ /dev/null
@@ -1,28 +0,0 @@
-
-# Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-bin/*
-Dockerfile.cross
-
-# Test binary, built with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Go workspace file
-go.work
-
-# Kubernetes Generated files - skip generated files, except for vendored files
-!vendor/**/zz_generated.*
-
-# editor and IDE paraphernalia
-.idea
-.vscode
-*.swp
-*.swo
-*~
diff --git a/l2sm-api-resources/.golangci.yml b/l2sm-api-resources/.golangci.yml
deleted file mode 100644
index aed8644d11ecc959690cd472af2895533bfba80d..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/.golangci.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-run:
- deadline: 5m
- allow-parallel-runners: true
-
-issues:
- # don't skip warning about doc comments
- # don't exclude the default set of lint
- exclude-use-default: false
- # restore some of the defaults
- # (fill in the rest as needed)
- exclude-rules:
- - path: "api/*"
- linters:
- - lll
- - path: "internal/*"
- linters:
- - dupl
- - lll
-linters:
- disable-all: true
- enable:
- - dupl
- - errcheck
- - exportloopref
- - goconst
- - gocyclo
- - gofmt
- - goimports
- - gosimple
- - govet
- - ineffassign
- - lll
- - misspell
- - nakedret
- - prealloc
- - staticcheck
- - typecheck
- - unconvert
- - unparam
- - unused
diff --git a/l2sm-api-resources/PROJECT b/l2sm-api-resources/PROJECT
deleted file mode 100644
index 208c192f767d7161b3a13eb90af8f1e159dd0c20..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/PROJECT
+++ /dev/null
@@ -1,25 +0,0 @@
-# Code generated by tool. DO NOT EDIT.
-# This file is used to track the info used to scaffold your project
-# and allow the plugins properly work.
-# More info: https://book.kubebuilder.io/reference/project-config.html
-domain: l2sm.k8s.local
-layout:
-- go.kubebuilder.io/v4
-projectName: l2smnetwork
-repo: l2sm.k8s.local/l2smnetwork
-resources:
-- api:
- crdVersion: v1
- namespaced: true
- controller: true
- domain: l2sm.k8s.local
- group: l2sm
- kind: L2SMNetwork
- path: l2sm.k8s.local/l2smnetwork/api/v1
- version: v1
-- controller: true
- group: core
- kind: Pod
- path: k8s.io/api/core/v1
- version: v1
-version: "3"
diff --git a/l2sm-api-resources/README.md b/l2sm-api-resources/README.md
deleted file mode 100644
index 483a4b786d5f50ff84dd21e348209ecb1d89a020..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/README.md
+++ /dev/null
@@ -1,131 +0,0 @@
-<!---
- Copyright 2024 Universidad Carlos III de Madrid
-
- Licensed under the Apache License, Version 2.0 (the "License"); you may not
- use this file except in compliance with the License. You may obtain a copy
- of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations under
- the License.
-
- SPDX-License-Identifier: Apache-2.0
--->
-
-# l2smnetwork
-The "l2smnetworks" component is essentially a set of Custom Resource Definitions (CRDs) accompanied by a controller and a manager. It's designed to manage the virtual networks that L2S-M uses between pods within a K8s cluster. These virtual networks facilitate isolated link-layer connectivity among pods, enhancing security and network efficiency.
-## Description
-
-Link-Layer Secure connectivity for Microservice platforms (L2S-M) is a K8s networking solution that complements the CNI plugin approach of K8s to create and manage virtual networks in K8s clusters. These virtual networks allow workloads (pods) to have isolated link-layer connectivity with other pods in a K8s cluster, regardless of the k8s node where they are actually deployed. L2S-M enables the creation/deletion of virtual networks on-demand, as well as attaching/detaching pods to that networks. [More info can be found in the original repo.](https://github.com/Networks-it-uc3m/L2S-M)
-## Getting Started
-
-### Prerequisites
-- go version v1.21.0+
-- docker version 17.03+.
-- kubectl version v1.11.3+.
-- Access to a Kubernetes v1.11.3+ cluster.
-
-### To Deploy on the cluster
-**Build and push your image to the location specified by `IMG`:**
-
-```sh
-make docker-build docker-push IMG=<some-registry>/l2smnetwork:tag
-```
-
-**NOTE:** This image ought to be published in the personal registry you specified.
-And it is required to have access to pull the image from the working environment.
-Make sure you have the proper permission to the registry if the above commands don’t work.
-
-**Install the CRDs into the cluster:**
-
-```sh
-make install
-```
-
-**Deploy the Manager to the cluster with the image specified by `IMG`:**
-
-```sh
-make deploy IMG=<some-registry>/l2smnetwork:tag
-```
-
-> **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin
-privileges or be logged in as admin.
-
-**Create instances of your solution**
-You can apply the samples (examples) from the config/sample:
-
-```sh
-kubectl apply -k config/samples/
-```
-
->**NOTE**: Ensure that the samples has default values to test it out.
-
-### To Uninstall
-**Delete the instances (CRs) from the cluster:**
-
-```sh
-kubectl delete -k config/samples/
-```
-
-**Delete the APIs(CRDs) from the cluster:**
-
-```sh
-make uninstall
-```
-
-**UnDeploy the controller from the cluster:**
-
-```sh
-make undeploy
-```
-
-## Project Distribution
-
-Following are the steps to build the installer and distribute this project to users.
-
-1. Build the installer for the image built and published in the registry:
-
-```sh
-make build-installer IMG=<some-registry>/l2smnetwork:tag
-```
-
-NOTE: The makefile target mentioned above generates an 'install.yaml'
-file in the dist directory. This file contains all the resources built
-with Kustomize, which are necessary to install this project without
-its dependencies.
-
-2. Using the installer
-
-Users can just run kubectl apply -f <URL for YAML BUNDLE> to install the project, i.e.:
-
-```sh
-kubectl apply -f https://raw.githubusercontent.com/<org>/l2smnetwork/<tag or branch>/dist/install.yaml
-```
-
-## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
-
-**NOTE:** Run `make help` for more information on all potential `make` targets
-
-More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
-
-## License
-
-Copyright 2024.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
diff --git a/l2sm-api-resources/api/v1/groupversion_info.go b/l2sm-api-resources/api/v1/groupversion_info.go
deleted file mode 100644
index f057ab06adcac1d5f9fd92996e83a9d6354987bb..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/api/v1/groupversion_info.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-// Package v1 contains API Schema definitions for the l2sm v1 API group
-// +kubebuilder:object:generate=true
-// +groupName=l2sm.l2sm.k8s.local
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "l2sm.l2sm.k8s.local", Version: "v1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/l2sm-api-resources/api/v1/zz_generated.deepcopy.go b/l2sm-api-resources/api/v1/zz_generated.deepcopy.go
deleted file mode 100644
index be934a20fa0998003c7cccbb1ce41a7710f0592d..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/api/v1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,155 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-//go:build !ignore_autogenerated
-
-// Code generated by controller-gen. DO NOT EDIT.
-
-package v1
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *L2SMNetwork) DeepCopyInto(out *L2SMNetwork) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2SMNetwork.
-func (in *L2SMNetwork) DeepCopy() *L2SMNetwork {
- if in == nil {
- return nil
- }
- out := new(L2SMNetwork)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *L2SMNetwork) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *L2SMNetworkList) DeepCopyInto(out *L2SMNetworkList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]L2SMNetwork, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2SMNetworkList.
-func (in *L2SMNetworkList) DeepCopy() *L2SMNetworkList {
- if in == nil {
- return nil
- }
- out := new(L2SMNetworkList)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *L2SMNetworkList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *L2SMNetworkSpec) DeepCopyInto(out *L2SMNetworkSpec) {
- *out = *in
- if in.Config != nil {
- in, out := &in.Config, &out.Config
- *out = new(string)
- **out = **in
- }
- if in.Provider != nil {
- in, out := &in.Provider, &out.Provider
- *out = new(ProviderSpec)
- **out = **in
- }
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2SMNetworkSpec.
-func (in *L2SMNetworkSpec) DeepCopy() *L2SMNetworkSpec {
- if in == nil {
- return nil
- }
- out := new(L2SMNetworkSpec)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *L2SMNetworkStatus) DeepCopyInto(out *L2SMNetworkStatus) {
- *out = *in
- if in.ConnectedPods != nil {
- in, out := &in.ConnectedPods, &out.ConnectedPods
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- if in.InternalConnectivity != nil {
- in, out := &in.InternalConnectivity, &out.InternalConnectivity
- *out = new(ConnectivityStatus)
- **out = **in
- }
- if in.ProviderConnectivity != nil {
- in, out := &in.ProviderConnectivity, &out.ProviderConnectivity
- *out = new(ConnectivityStatus)
- **out = **in
- }
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L2SMNetworkStatus.
-func (in *L2SMNetworkStatus) DeepCopy() *L2SMNetworkStatus {
- if in == nil {
- return nil
- }
- out := new(L2SMNetworkStatus)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) {
- *out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.
-func (in *ProviderSpec) DeepCopy() *ProviderSpec {
- if in == nil {
- return nil
- }
- out := new(ProviderSpec)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/l2sm-api-resources/config/default/kustomization.yaml b/l2sm-api-resources/config/default/kustomization.yaml
deleted file mode 100644
index 35442a6557406150158b3d6688c98192cb07f965..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/default/kustomization.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-# Adds namespace to all resources.
-namespace: l2smnetwork-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: l2smnetwork-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
-
-resources:
-- ../crd
-- ../rbac
-- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-
-patches:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- path: manager_auth_proxy_patch.yaml
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- path: manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- path: webhookcainjection_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-# Uncomment the following replacements to add the cert-manager CA injection annotations
-#replacements:
-# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.namespace # namespace of the certificate CR
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - source:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.name
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - source: # Add cert-manager annotation to the webhook Service
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.name # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 0
-# create: true
-# - source:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.namespace # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 1
-# create: true
diff --git a/l2sm-api-resources/config/default/manager_config_patch.yaml b/l2sm-api-resources/config/default/manager_config_patch.yaml
deleted file mode 100644
index f1dbdac9c428d9e133efa757402aa8cb39a83a6c..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/default/manager_config_patch.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
-spec:
- template:
- spec:
- containers:
- - name: manager
diff --git a/l2sm-api-resources/config/manager/kustomization.yaml b/l2sm-api-resources/config/manager/kustomization.yaml
deleted file mode 100644
index 9710a242fb5e0448b88d5480c4cc6fd899735cbd..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/manager/kustomization.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-resources:
-- manager.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: controller
- newTag: latest
diff --git a/l2sm-api-resources/config/prometheus/kustomization.yaml b/l2sm-api-resources/config/prometheus/kustomization.yaml
deleted file mode 100644
index 2c9e62839803f283657d2a8b55fc5186e3925aa9..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/prometheus/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-resources:
-- monitor.yaml
diff --git a/l2sm-api-resources/config/rbac/auth_proxy_client_clusterrole.yaml b/l2sm-api-resources/config/rbac/auth_proxy_client_clusterrole.yaml
deleted file mode 100644
index b0a07c147bff686e39af8798ad143402b2df6203..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/auth_proxy_client_clusterrole.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: metrics-reader
- app.kubernetes.io/component: kube-rbac-proxy
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: metrics-reader
-rules:
-- nonResourceURLs:
- - "/metrics"
- verbs:
- - get
diff --git a/l2sm-api-resources/config/rbac/auth_proxy_role.yaml b/l2sm-api-resources/config/rbac/auth_proxy_role.yaml
deleted file mode 100644
index 127554b9df1308252314967ad5f97e2b65496074..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/auth_proxy_role.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: proxy-role
- app.kubernetes.io/component: kube-rbac-proxy
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: proxy-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
diff --git a/l2sm-api-resources/config/rbac/auth_proxy_role_binding.yaml b/l2sm-api-resources/config/rbac/auth_proxy_role_binding.yaml
deleted file mode 100644
index cbd7e4a5dbe355ba8764323114ab7a93eb0e2aa0..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/auth_proxy_role_binding.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: clusterrolebinding
- app.kubernetes.io/instance: proxy-rolebinding
- app.kubernetes.io/component: kube-rbac-proxy
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: proxy-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: proxy-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/l2sm-api-resources/config/rbac/auth_proxy_service.yaml b/l2sm-api-resources/config/rbac/auth_proxy_service.yaml
deleted file mode 100644
index 876b6b40198b30158d6c28b99896af162bacbb78..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/auth_proxy_service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: service
- app.kubernetes.io/instance: controller-manager-metrics-service
- app.kubernetes.io/component: kube-rbac-proxy
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: https
- selector:
- control-plane: controller-manager
diff --git a/l2sm-api-resources/config/rbac/l2smnetwork_editor_role.yaml b/l2sm-api-resources/config/rbac/l2smnetwork_editor_role.yaml
deleted file mode 100644
index 09f6b7c4e389dd99eecd3114458f6487679cd640..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/l2smnetwork_editor_role.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-# permissions for end users to edit l2smnetworks.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: l2smnetwork-editor-role
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: l2smnetwork-editor-role
-rules:
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks/status
- verbs:
- - get
diff --git a/l2sm-api-resources/config/rbac/l2smnetwork_viewer_role.yaml b/l2sm-api-resources/config/rbac/l2smnetwork_viewer_role.yaml
deleted file mode 100644
index a6a5603050a10858dc3189bd4e80cd2d894185bf..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/l2smnetwork_viewer_role.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-# permissions for end users to view l2smnetworks.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: l2smnetwork-viewer-role
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: l2smnetwork-viewer-role
-rules:
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks/status
- verbs:
- - get
diff --git a/l2sm-api-resources/config/rbac/leader_election_role_binding.yaml b/l2sm-api-resources/config/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index acb953fda1361526486a0aa95d22c06e6b9b3fb5..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: rolebinding
- app.kubernetes.io/instance: leader-election-rolebinding
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/l2sm-api-resources/config/rbac/role.yaml b/l2sm-api-resources/config/rbac/role.yaml
deleted file mode 100644
index 863c1a2d9b2b74d6c41ad36af41096cb6025cd98..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/role.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: manager-role
-rules:
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks/finalizers
- verbs:
- - update
-- apiGroups:
- - l2sm.l2sm.k8s.local
- resources:
- - l2smnetworks/status
- verbs:
- - get
- - patch
- - update
diff --git a/l2sm-api-resources/config/rbac/role_binding.yaml b/l2sm-api-resources/config/rbac/role_binding.yaml
deleted file mode 100644
index 4106a195ac116f48a9a5f9f490fffe519a5b4b17..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/role_binding.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: clusterrolebinding
- app.kubernetes.io/instance: manager-rolebinding
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: manager-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/l2sm-api-resources/config/rbac/service_account.yaml b/l2sm-api-resources/config/rbac/service_account.yaml
deleted file mode 100644
index 2bda52697051a2b6e4c2ed0ad6f046ec3e15880f..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/rbac/service_account.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: serviceaccount
- app.kubernetes.io/instance: controller-manager-sa
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: l2smnetwork
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager
- namespace: system
diff --git a/l2sm-api-resources/config/samples/kustomization.yaml b/l2sm-api-resources/config/samples/kustomization.yaml
deleted file mode 100644
index eeb1c3c2eec92c74274b5480132de57e19c5a657..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/samples/kustomization.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-## Append samples of your project ##
-resources:
-- l2sm_v1_l2smnetwork.yaml
-#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/l2sm-api-resources/config/samples/l2sm_v1_l2smnetwork.yaml b/l2sm-api-resources/config/samples/l2sm_v1_l2smnetwork.yaml
deleted file mode 100644
index 0faf07eeb18b33c92d71e2d685f411ee097a7971..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/config/samples/l2sm_v1_l2smnetwork.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright 2024 Universidad Carlos III de Madrid
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#-------------------------------------------------------------------------------
-apiVersion: l2sm.l2sm.k8s.local/v1
-kind: L2SMNetwork
-metadata:
- labels:
- app.kubernetes.io/name: l2smnetwork
- app.kubernetes.io/instance: l2smnetwork-sample
- app.kubernetes.io/part-of: l2smnetwork
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: l2smnetwork
- name: l2smnetwork-sample
-spec:
- # TODO(user): Add fields here
diff --git a/l2sm-api-resources/hack/boilerplate.go.txt b/l2sm-api-resources/hack/boilerplate.go.txt
deleted file mode 100644
index 7e327b53e3cf53dba249a602e9dbcb890cce5d4d..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/hack/boilerplate.go.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
-*******************************************************************************/
diff --git a/l2sm-api-resources/internal/controller/pod_controlleg b/l2sm-api-resources/internal/controller/pod_controlleg
deleted file mode 100644
index 59e8d28753c3f1ec95e0afb1861354e7249c7b87..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/internal/controller/pod_controlleg
+++ /dev/null
@@ -1,91 +0,0 @@
-// /*******************************************************************************
-// * Copyright 2024 Universidad Carlos III de Madrid
-// *
-// * Licensed under the Apache License, Version 2.0 (the "License"); you may not
-// * use this file except in compliance with the License. You may obtain a copy
-// * of the License at
-// *
-// * http://www.apache.org/licenses/LICENSE-2.0
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// * License for the specific language governing permissions and limitations under
-// * the License.
-// *
-// * SPDX-License-Identifier: Apache-2.0
-// *******************************************************************************/
-
-// package controller
-
-// import (
-// "context"
-
-// corev1 "k8s.io/api/core/v1"
-// "k8s.io/apimachinery/pkg/runtime"
-// ctrl "sigs.k8s.io/controller-runtime"
-// "sigs.k8s.io/controller-runtime/pkg/client"
-// "sigs.k8s.io/controller-runtime/pkg/log"
-// )
-
-// // PodReconciler reconciles a Pod object
-// type PodReconciler struct {
-// client.Client
-// Scheme *runtime.Scheme
-// }
-
-// //+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
-// //+kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;update;patch
-// //+kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=update
-
-// // Reconcile is part of the main kubernetes reconciliation loop which aims to
-// // move the current state of the cluster closer to the desired state.
-// // TODO(user): Modify the Reconcile function to compare the state specified by
-// // the Pod object against the actual cluster state, and then
-// // perform operations to make the cluster state reflect the state specified by
-// // the user.
-// //
-// // For more details, check Reconcile and its Result here:
-// // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
-// func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-// _ = log.FromContext(ctx)
-
-// pod := &corev1.Pod{}
-// err := r.Get(ctx, req.NamespacedName, pod)
-// if err != nil {
-// // Error reading the object - requeue the request.
-// return ctrl.Result{}, client.IgnoreNotFound(err)
-// }
-
-// // TODO: implement
-// // Check if the 'l2sm/network' annotation is present
-// if _, ok := pod.GetAnnotations()["l2sm/networkss"]; ok {
-// // Ensure the Multus annotation is correctly formatted and present
-// multusAnnotation := "k8s.v1.cni.cncf.io/networks"
-// desiredAnnotationValue := "veth1"
-
-// // Update the Pod with the Multus annotation if it's not already set
-// annotations := pod.GetAnnotations()
-// if annotations == nil {
-// annotations = map[string]string{}
-// }
-
-// // Update only if necessary
-// if current, exists := annotations[multusAnnotation]; !exists || current != desiredAnnotationValue {
-// annotations[multusAnnotation] = desiredAnnotationValue
-// pod.SetAnnotations(annotations)
-// if err := r.Update(ctx, pod); err != nil {
-// // If the update fails, requeue the request
-// return ctrl.Result{}, err
-// }
-// }
-// }
-// return ctrl.Result{}, nil
-// }
-
-// // SetupWithManager sets up the controller with the Manager.
-// func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
-// return ctrl.NewControllerManagedBy(mgr).
-// For(&corev1.Pod{}).
-// Complete(r)
-// }
diff --git a/l2sm-api-resources/internal/controller/pod_controller_te b/l2sm-api-resources/internal/controller/pod_controller_te
deleted file mode 100644
index 91ab2becd4b36e6dd0dfff8c155f340ea96f946f..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/internal/controller/pod_controller_te
+++ /dev/null
@@ -1,34 +0,0 @@
-// /*******************************************************************************
-// * Copyright 2024 Universidad Carlos III de Madrid
-// *
-// * Licensed under the Apache License, Version 2.0 (the "License"); you may not
-// * use this file except in compliance with the License. You may obtain a copy
-// * of the License at
-// *
-// * http://www.apache.org/licenses/LICENSE-2.0
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// * License for the specific language governing permissions and limitations under
-// * the License.
-// *
-// * SPDX-License-Identifier: Apache-2.0
-// *******************************************************************************/
-
-// package controller
-
-// import (
-// . "github.com/onsi/ginkgo/v2"
-// )
-
-// var _ = Describe("Pod Controller", func() {
-// Context("When reconciling a resource", func() {
-
-// It("should successfully reconcile the resource", func() {
-
-// // TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
-// // Example: If you expect a certain status condition after reconciliation, verify it here.
-// })
-// })
-// })
diff --git a/l2sm-api-resources/internal/sdnclient/internal_client.go b/l2sm-api-resources/internal/sdnclient/internal_client.go
deleted file mode 100644
index 8fc2cbd8a90930b66c8f0e231e779d0fbc9c18b9..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/internal/sdnclient/internal_client.go
+++ /dev/null
@@ -1,100 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package sdnclient
-
-import (
- "encoding/json"
- "fmt"
- "net/http"
-
- l2smv1 "l2sm.k8s.local/l2smnetwork/api/v1"
-)
-
-// InternalClient is part of the Client interface, and implements the SessionClient, which is a wrapper of the http function.
-// this type of client is for the specific l2sm-controller onos app, which manages intra cluster networks.
-type InternalClient struct {
- Session *SessionClient
-}
-
-type VnetPayload struct {
- NetworkId string `json:"networkId"`
-}
-
-func (c *InternalClient) beginSessionController() bool {
- resp, err := c.Session.Get("/l2sm/networks/status")
- if err != nil {
- return false
- }
- defer resp.Body.Close()
-
- // Check if the status code indicates success (HTTP 200 OK).
- return resp.StatusCode == http.StatusOK
-}
-
-// CreateNetwork creates a new network in the SDN controller
-func (c *InternalClient) CreateNetwork(networkType l2smv1.NetworkType, config interface{}) error {
-
- //TODO: Remove hard-code
- networkType = "networks"
- jsonData, err := json.Marshal(config)
- if err != nil {
- return err
- }
- response, err := c.Session.Post(fmt.Sprintf("/l2sm/%s", networkType), jsonData)
- if err != nil {
- return err
- }
- defer response.Body.Close()
-
- if response.StatusCode != http.StatusNoContent {
- return fmt.Errorf("failed to create network, status code: %d", response.StatusCode)
- }
-
- return nil
-}
-
-// CheckNetworkExists checks if the specified network exists in the SDN controller
-func (c *InternalClient) CheckNetworkExists(networkType l2smv1.NetworkType, networkID string) (bool, error) {
- networkType = "networks"
-
- response, err := c.Session.Get(fmt.Sprintf("/l2sm/%s/%s", networkType, networkID))
- if err != nil {
- return false, err
- }
- defer response.Body.Close()
-
- return response.StatusCode == http.StatusOK, nil
-}
-
-// DeleteNetwork deletes an existing network from the SDN controller
-func (c *InternalClient) DeleteNetwork(networkType l2smv1.NetworkType, networkID string) error {
- networkType = "networks"
-
- response, err := c.Session.Delete(fmt.Sprintf("/l2sm/%s/%s", networkType, networkID))
- if err != nil {
- return err
- }
-
- defer response.Body.Close()
-
- if response.StatusCode != http.StatusNoContent {
- return fmt.Errorf("SDN controller responded with status code: %d", response.StatusCode)
- }
-
- return nil
-}
diff --git a/l2sm-api-resources/internal/utils/utils.go b/l2sm-api-resources/internal/utils/utils.go
deleted file mode 100644
index daa6a1525c8d5c69fbfd8eb7a03584924f7bba6b..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/internal/utils/utils.go
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package utils
-
-// ContainsString checks if a string is present in a slice.
-func ContainsString(slice []string, s string) bool {
- for _, item := range slice {
- if item == s {
- return true
- }
- }
- return false
-}
-
-// RemoveString removes a string from a slice.
-func RemoveString(slice []string, s string) []string {
- var result []string
- for _, item := range slice {
- if item != s {
- result = append(result, item)
- }
- }
- return result
-}
diff --git a/l2sm-api-resources/test/e2e/e2e_suite_test.go b/l2sm-api-resources/test/e2e/e2e_suite_test.go
deleted file mode 100644
index 0666eea03755751e573cc8d0b6ea9b41b22c5b81..0000000000000000000000000000000000000000
--- a/l2sm-api-resources/test/e2e/e2e_suite_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
-package e2e
-
-import (
- "fmt"
- "testing"
-
- . "github.com/onsi/ginkgo/v2"
- . "github.com/onsi/gomega"
-)
-
-// Run e2e tests using the Ginkgo runner.
-func TestE2E(t *testing.T) {
- RegisterFailHandler(Fail)
- fmt.Fprintf(GinkgoWriter, "Starting l2smnetwork suite\n")
- RunSpecs(t, "e2e suite")
-}
diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..9d17ae78e747918adad760d5cbeb3032b4bf2942
--- /dev/null
+++ b/test/e2e/e2e_suite_test.go
@@ -0,0 +1,30 @@
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package e2e
+
+import (
+ "fmt"
+ "testing"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+)
+
+// Run e2e tests using the Ginkgo runner.
+func TestE2E(t *testing.T) {
+ RegisterFailHandler(Fail)
+ fmt.Fprintf(GinkgoWriter, "Starting l2network suite\n")
+ RunSpecs(t, "e2e suite")
+}
diff --git a/l2sm-api-resources/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
similarity index 75%
rename from l2sm-api-resources/test/e2e/e2e_test.go
rename to test/e2e/e2e_test.go
index cb4ab2b6b434ea9a763db7715636637663093877..6a828bb9b806ac461d6f2ca98f24c65a63917b6f 100644
--- a/l2sm-api-resources/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package e2e
import (
@@ -25,10 +22,10 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
- "l2sm.k8s.local/l2smnetwork/test/utils"
+ "github.com/Networks-it-uc3m/L2S-M/test/utils"
)
-const namespace = "l2smnetwork-system"
+const namespace = "l2network-system"
var _ = Describe("controller", Ordered, func() {
BeforeAll(func() {
@@ -61,7 +58,7 @@ var _ = Describe("controller", Ordered, func() {
var err error
// projectimage stores the name of the image used in the example
- var projectimage = "example.com/l2smnetwork:v0.0.1"
+ var projectimage = "example.com/l2network:v0.0.1"
By("building the manager(Operator) image")
cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage))
diff --git a/l2sm-api-resources/test/utils/utils.go b/test/utils/utils.go
similarity index 81%
rename from l2sm-api-resources/test/utils/utils.go
rename to test/utils/utils.go
index 07289b18ed7e53670125dcca4e07e74598f439e0..b19540664e58c1fec7d04a185644353eb31a9e99 100644
--- a/l2sm-api-resources/test/utils/utils.go
+++ b/test/utils/utils.go
@@ -1,20 +1,17 @@
-/*******************************************************************************
- * Copyright 2024 Universidad Carlos III de Madrid
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- ******************************************************************************/
+// Copyright 2024 Universidad Carlos III de Madrid
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package utils
import (