diff --git a/VERSION b/VERSION index 07feb823..47d04a52 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.17.0 \ No newline at end of file +0.18.0 \ No newline at end of file diff --git a/bundle/manifests/temporal-operator.clusterserviceversion.yaml b/bundle/manifests/temporal-operator.clusterserviceversion.yaml index 246fb733..1bf9b2bf 100644 --- a/bundle/manifests/temporal-operator.clusterserviceversion.yaml +++ b/bundle/manifests/temporal-operator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: "ui": { "enabled": true }, - "version": "1.20.0" + "version": "1.23.0" } }, { 
@@ -74,55 +74,15 @@ metadata: "description": "Accounting team namespace", "retentionPeriod": "168h" } - }, - { - "apiVersion": "temporal.io/v1beta1", - "kind": "TemporalWorkerProcess", - "metadata": { - "name": "temporalworkerprocess-sample" - }, - "spec": { - "builder": { - "attempt": 3, - "buildDir": "samples-go/helloworld", - "buildRegistry": { - "passwordSecretRef": { - "key": "PASSWORD", - "name": "docker-password" - }, - "repository": "docker.io", - "username": "ktenzer" - }, - "enabled": false, - "gitRepository": { - "reference": { - "branch": "main" - }, - "url": "https://github.com/ktenzer/samples-go.git" - }, - "image": "quay.io/podman/stable", - "version": "latest" - }, - "clusterRef": { - "name": "prod", - "namespace": "temporal" - }, - "image": "ghcr.io/alexandrevilain/example-worker-process:latest", - "jobTtlSecondsAfterFinished": 300, - "pullPolicy": "Always", - "replicas": 3, - "temporalNamespace": "default", - "version": "latest" - } } ] capabilities: Seamless Upgrades categories: Application Runtime, Developer Tools, AI/Machine Learning containerImage: ghcr.io/alexandrevilain/temporal-operator - createdAt: "2024-02-24T13:12:36Z" + createdAt: "2024-04-30T10:06:00Z" operators.operatorframework.io/builder: operator-sdk-v1.30.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - name: temporal-operator.v0.17.0 + name: temporal-operator.v0.18.0 namespace: placeholder spec: apiservicedefinitions: {} 
@@ -145,12 +105,6 @@ spec: kind: TemporalNamespace name: temporalnamespaces.temporal.io version: v1beta1 - - description: TemporalWorkerProcess is the Schema for the temporalworkerprocesses - API. - displayName: Temporal Worker Process - kind: TemporalWorkerProcess - name: temporalworkerprocesses.temporal.io - version: v1beta1 description: | ## Temporal Temporal is a durable workflow execution environment for applications. The Temporal operator will deploy all required Temporal server services and dependencies. You will need to deploy database, elasticsearch (optional) and prometheus/grafana (optional) separately. Temporal supports native MySQL, PostgreSQL or Cassandra databases. @@ -422,32 +376,6 @@ spec: - get - patch - update - - apiGroups: - - temporal.io - resources: - - temporalworkerprocesses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - temporal.io - resources: - - temporalworkerprocesses/finalizers - verbs: - - update - - apiGroups: - - temporal.io - resources: - - temporalworkerprocesses/status - verbs: - - get - - patch - - update serviceAccountName: temporal-operator-controller-manager deployments: - label: @@ -471,7 +399,7 @@ spec: - --leader-elect command: - /manager - image: ghcr.io/alexandrevilain/temporal-operator:v0.17.0 + image: ghcr.io/alexandrevilain/temporal-operator:v0.18.0 livenessProbe: httpGet: path: /healthz @@ -575,8 +503,8 @@ spec: provider: name: Temporal Community url: https://temporal.io/ - replaces: temporal-operator.helm-chart-0.2.0 - version: 0.17.0 + replaces: temporal-operator.v0.17.0 + version: 0.18.0 webhookdefinitions: - admissionReviewVersions: - v1 
@@ -598,26 +526,6 @@ spec: targetPort: 9443 type: MutatingAdmissionWebhook webhookPath: /mutate-temporal-io-v1beta1-temporalcluster - - admissionReviewVersions: - - v1 - containerPort: 443 - deploymentName: temporal-operator-controller-manager - failurePolicy: Fail - generateName: mtemporalworkerprocess.kb.io - rules: - - apiGroups: - - temporal.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - temporalworkerprocesses - sideEffects: None - targetPort: 9443 - type: MutatingAdmissionWebhook - webhookPath: /mutate-temporal-io-v1beta1-temporalworkerprocess - admissionReviewVersions: - v1 containerPort: 443 @@ -638,23 +546,3 @@ spec: targetPort: 9443 type: ValidatingAdmissionWebhook webhookPath: /validate-temporal-io-v1beta1-temporalcluster - - admissionReviewVersions: - - v1 - containerPort: 443 - deploymentName: temporal-operator-controller-manager - failurePolicy: Fail - generateName: vtemporalworkerprocess.kb.io - rules: - - apiGroups: - - temporal.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - temporalworkerprocesses - sideEffects: None - targetPort: 9443 - type: ValidatingAdmissionWebhook - webhookPath: /validate-temporal-io-v1beta1-temporalworkerprocess diff --git a/bundle/manifests/temporal.io_temporalclusters.yaml b/bundle/manifests/temporal.io_temporalclusters.yaml index 75e7e06a..fdda96f1 100644 --- a/bundle/manifests/temporal.io_temporalclusters.yaml +++ b/bundle/manifests/temporal.io_temporalclusters.yaml 
@@ -612,6 +612,16 @@ spec: description: Enabled defines if the operator should enable mTLS for cluster's public endpoints. type: boolean + extraDnsNames: + description: ExtraDNSNames is a list of additional DNS names + associated with the TemporalCluster. These DNS names can + be used for accessing the TemporalCluster from external + services. The DNS names specified here will be added to + the TLS certificate for secure communication. + items: + type: string + nullable: true + type: array type: object internode: description: Internode allows configuration of the internode traffic @@ -651,6 +661,16 @@ spec: description: Enabled defines if the operator should enable metrics exposition on temporal components. type: boolean + excludeTags: + additionalProperties: + items: + type: string + type: array + description: ExcludeTags is a map from tag name string to tag + values string list. Each value present in keys will have relevant + tag value replaced with "_tag_excluded_" Each value in values + list will white-list tag values to be reported as usual. + type: object perUnitHistogramBoundaries: additionalProperties: items: @@ -661,6 +681,9 @@ spec: given metric unit. \n Supported values: - \"dimensionless\" - \"milliseconds\" - \"bytes\"" type: object + prefix: + description: Prefix sets the prefix to all outgoing metrics + type: string prometheus: description: Prometheus reporter configuration. properties: @@ -789,6 +812,13 @@ spec: objects. type: boolean type: object + bodySizeLimit: + description: "When defined, bodySizeLimit specifies + a job level limit on the size of uncompressed + response body that will be accepted by Prometheus. + \n It requires Prometheus >= v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string endpoints: description: List of endpoints part of this ServiceMonitor. items: 
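Review bot: The new `extraDnsNames` items are declared only as `type: string`, so the schema accepts any value, while the description says these names are added to the frontend TLS certificate. Without a length or format constraint, malformed or unintended names are caught at certificate issuance at the earliest, and whoever can write a TemporalCluster decides which names the certificate vouches for. Consider constraining the items, for example `maxLength: 253` plus a hostname `pattern`, and bounding the list with `maxItems`. This manifest looks generated, so the change presumably belongs in the API type's validation markers or in the TemporalCluster validating webhook. The enclosing `frontend` schema starts outside the hunk.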
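Review bot: The `pattern` added for `bodySizeLimit` is anchored at the start only for its first alternative. In `(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$` the `^` sits inside the `0` branch, so the size branch matches any string that merely ends in a valid size, including one with arbitrary leading text. Moving the anchor outside the group, `pattern: ^(0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$`, rejects such values at admission. The field appears to mirror the Prometheus Operator ServiceMonitor schema, so the expression may have to be corrected where that type is defined rather than in this manifest.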
@@ -1287,11 +1317,10 @@ spec: anyOf: - type: integer - type: string - description: "Name or number of the target - port of the `Pod` object behind the Service, - the port must be specified with container - port property. \n Deprecated: use `port` - instead." + description: Name or number of the target + port of the `Pod` object behind the Service. + The port must be specified with the container's + port property. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when @@ -1524,6 +1553,30 @@ spec: will be accepted.' format: int64 type: integer + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string + scrapeProtocols: + description: "`scrapeProtocols` defines the protocols + to negotiate during a scrape. It tells clients + the protocols supported by Prometheus in order + of preference (from most to least preferred). + \n If unset, Prometheus uses its default value. + \n It requires Prometheus >= v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol + used by Prometheus for scraping metrics. Supported + values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` + * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + type: string + type: array + x-kubernetes-list-type: set selector: description: Label selector to select the Kubernetes `Endpoints` objects. diff --git a/bundle/manifests/temporal.io_temporalworkerprocesses.yaml b/bundle/manifests/temporal.io_temporalworkerprocesses.yaml deleted file mode 100644 index 80689e3e..00000000 --- a/bundle/manifests/temporal.io_temporalworkerprocesses.yaml +++ /dev/null 
@@ -1,287 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: temporalworkerprocesses.temporal.io -spec: - group: temporal.io - names: - kind: TemporalWorkerProcess - listKind: TemporalWorkerProcessList - plural: temporalworkerprocesses - singular: temporalworkerprocess - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type == 'Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status - name: ReconcileSuccess - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: temporal.io/v1beta1 TemporalWorkerProcess is deprecated and - will be removed in TemporalOperator >= 0.18.0. Please use TemporalClusterClient - with your own deployment instead. - name: v1beta1 - schema: - openAPIV3Schema: - description: TemporalWorkerProcess is the Schema for the temporalworkerprocesses - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess. 
- properties: - builder: - description: Builder is the configuration for building a TemporalWorkerProcess. - THIS FEATURE IS HIGHLY EXPERIMENTAL. - properties: - attempt: - description: BuildAttempt is the build attempt number of a given - version - format: int32 - type: integer - buildDir: - description: BuildDir is the location of where the sources will - be built. - type: string - buildRegistry: - description: BuildRegistry specifies how to connect to container - registry. - properties: - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the docker repo password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - repository: - description: Repository is the fqdn to the image repo. - type: string - username: - description: Username is the username for the container repo. - type: string - required: - - passwordSecretRef - - repository - - username - type: object - enabled: - description: Enabled defines if the operator should build the - temporal worker process. - type: boolean - gitRepository: - description: GitRepository specifies how to connect to Git source - control. - properties: - reference: - description: Reference specifies the Git reference to resolve - and monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'main' if - no other field is defined. - type: string - type: object - url: - description: URL specifies the Git repository URL, it can - be an HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - required: - - url - type: object - image: - description: Image is the image that will be used to build worker - image. - type: string - version: - description: Version is the version of the image that will be - used to build worker image. 
- type: string - required: - - enabled - type: object - clusterRef: - description: Reference to the temporal cluster the worker will connect - to. - properties: - name: - description: The name of the TemporalCluster to reference. - type: string - namespace: - description: The namespace of the TemporalCluster to reference. - Defaults to the namespace of the requested resource if omitted. - type: string - type: object - image: - description: Image defines the temporal worker docker image the instance - should run. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling temporal images from registries. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jobTtlSecondsAfterFinished: - default: 300 - description: JobTTLSecondsAfterFinished is amount of time to keep - job pods after jobs are completed. Defaults to 300 seconds. - format: int32 - minimum: 1 - type: integer - pullPolicy: - description: Image pull policy for determining how to pull worker - process images. - type: string - replicas: - description: Number of desired replicas. Default to 1. - format: int32 - minimum: 1 - type: integer - temporalNamespace: - description: TemporalNamespace that worker will poll. - type: string - version: - description: Version defines the worker process version. - type: string - required: - - clusterRef - - image - - temporalNamespace - type: object - status: - description: TemporalWorkerProcessStatus defines the observed state of - TemporalWorkerProcess. 
- properties: - attempt: - description: BuildAttempt is the build attempt number of a given version - format: int32 - type: integer - conditions: - description: Conditions represent the latest available observations - of the worker process state. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - created: - description: Created indicates if the worker process image was created. - type: boolean - ready: - description: Ready defines if the worker process is ready. - type: boolean - version: - description: Version is the version of the image that will be used - to build worker image. - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/charts/temporal-operator/Chart.yaml b/charts/temporal-operator/Chart.yaml index 781736b5..7de136a5 100644 --- a/charts/temporal-operator/Chart.yaml +++ b/charts/temporal-operator/Chart.yaml 
@@ -13,9 +13,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.16.2" +appVersion: "v0.18.0" diff --git a/charts/temporal-operator/crds/temporal-operator.crds.yaml b/charts/temporal-operator/crds/temporal-operator.crds.yaml index 598e242a..de9dad27 100644 --- a/charts/temporal-operator/crds/temporal-operator.crds.yaml +++ b/charts/temporal-operator/crds/temporal-operator.crds.yaml @@ -524,7 +524,7 @@ spec: type: object type: array description: Values contains all dynamic config keys and their - constained values. + constrained values. type: object required: - values 
@@ -553,8028 +553,2303 @@ spec: items: description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + jobResources: + description: JobResources allows set resources for setup/update jobs. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + jobTtlSecondsAfterFinished: + default: 300 + description: JobTTLSecondsAfterFinished is amount of time to keep + job pods after jobs are completed. Defaults to 300 seconds. + format: int32 + minimum: 1 + type: integer + log: + description: Log defines temporal cluster's logger configuration. + properties: + development: + default: false + description: Development determines whether the logger is run + in Development (== Test) or in Production mode. Default is + Production. Production-stage disables panics from DPanic logging. + type: boolean + format: + default: json + description: Format determines the format of each log file printed + to the output. Use "console" if you want stack traces to appear + on multiple lines. 
+ enum: + - json + - console + type: string + level: + default: info + description: Level is the desired log level; see colocated zap_logger.go::parseZapLevel() + enum: + - debug + - info + - warn + - error + - dpanic + - panic + - fatal + type: string + outputFile: + description: OutputFile is the path to the log output file. + type: string + stdout: + default: true + description: Stdout is true if the output needs to goto standard + out; default is stderr. + type: boolean + type: object + mTLS: + description: MTLS allows configuration of the network traffic encryption + for the cluster. + properties: + certificatesDuration: + description: CertificatesDuration allows configuration of maximum + certificates lifetime. Useless if mTLS provider is not cert-manager. + properties: + clientCertificates: + description: ClientCertificates is the 'duration' (i.e. lifetime) + of the client certificates. It defaults to 1 year. + type: string + frontendCertificate: + description: FrontendCertificate is the 'duration' (i.e. lifetime) + of the frontend certificate. It defaults to 1 year. + type: string + intermediateCAsCertificates: + description: IntermediateCACertificates is the 'duration' + (i.e. lifetime) of the intermediate CAs Certificates. It + defaults to 5 years. + type: string + internodeCertificate: + description: InternodeCertificate is the 'duration' (i.e. + lifetime) of the internode certificate. It defaults to 1 + year. + type: string + rootCACertificate: + description: RootCACertificate is the 'duration' (i.e. lifetime) + of the Root CA Certificate. It defaults to 10 years. + type: string + type: object + frontend: + description: Frontend allows configuration of the frontend's public + endpoint traffic encryption. Useless if mTLS provider is not + cert-manager. + properties: + enabled: + description: Enabled defines if the operator should enable + mTLS for cluster's public endpoints. 
+ type: boolean + extraDnsNames: + description: ExtraDNSNames is a list of additional DNS names + associated with the TemporalCluster. These DNS names can + be used for accessing the TemporalCluster from external + services. The DNS names specified here will be added to + the TLS certificate for secure communication. + items: + type: string + nullable: true + type: array + type: object + internode: + description: Internode allows configuration of the internode traffic + encryption. Useless if mTLS provider is not cert-manager. + properties: + enabled: + description: Enabled defines if the operator should enable + mTLS for network between cluster nodes. + type: boolean + type: object + provider: + default: cert-manager + description: Provider defines the tool used to manage mTLS certificates. + enum: + - cert-manager + - linkerd + - istio + type: string + refreshInterval: + description: RefreshInterval defines interval between refreshes + of certificates in the cluster components. Defaults to 1 hour. + Useless if mTLS provider is not cert-manager. + type: string + renewBefore: + description: RenewBefore is defines how long before the currently + issued certificate's expiry cert-manager should renew the certificate. + The default is 2/3 of the issued certificate's duration. Minimum + accepted value is 5 minutes. Useless if mTLS provider is not + cert-manager. + type: string + type: object + metrics: + description: Metrics allows configuration of scraping endpoints for + stats. prometheus or m3. + properties: + enabled: + description: Enabled defines if the operator should enable metrics + exposition on temporal components. + type: boolean + excludeTags: + additionalProperties: items: type: string type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. 
If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: ExcludeTags is a map from tag name string to tag + values string list. Each value present in keys will have relevant + tag value replaced with "_tag_excluded_" Each value in values + list will white-list tag values to be reported as usual. + type: object + perUnitHistogramBoundaries: + additionalProperties: items: type: string type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + description: "PerUnitHistogramBoundaries defines the default histogram + bucket boundaries. Configuration of histogram boundaries for + given metric unit. \n Supported values: - \"dimensionless\" + - \"milliseconds\" - \"bytes\"" + type: object + prefix: + description: Prefix sets the prefix to all outgoing metrics + type: string + prometheus: + description: Prometheus reporter configuration. + properties: + listenAddress: + description: Deprecated. Address for prometheus to serve metrics + from. + type: string + listenPort: + description: ListenPort for prometheus to serve metrics from. + format: int32 + type: integer + scrapeConfig: + description: ScrapeConfig is the prometheus scrape configuration. properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. 
- type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + annotations: + description: Annotations defines if the operator should + add prometheus scrape annotations to the services pods. + type: boolean + serviceMonitor: + description: PrometheusScrapeConfigServiceMonitor is the + configuration for prometheus operator ServiceMonitor. properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource + enabled: + description: Enabled defines if the operator should + create a ServiceMonitor for each services. + type: boolean + labels: + additionalProperties: + type: string + description: Labels adds extra labels to the ServiceMonitor. type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. 
All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value + metricRelabelings: + description: MetricRelabelConfigs to apply to samples + before ingestion. 
+ items: + description: "RelabelConfig allows dynamic rewriting + of the label set for targets, alerts, scraped + samples and remote write samples. \n More info: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the + regex matching. \n `Uppercase` and `Lowercase` + actions require Prometheus >= v2.36.0. `DropEqual` + and `KeepEqual` actions require Prometheus + >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of + the source label values. \n Only applicable + when the action is `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which + the extracted value is matched. + type: string + replacement: + description: "Replacement value against which + a Replace action is performed if the regular + expression matches. \n Regex capture groups + are available." + type: string + separator: + description: Separator is the string between + concatenated SourceLabels. + type: string + sourceLabels: + description: The source labels select values + from existing labels. Their content is concatenated + using the configured Separator and matched + against the configured regular expression. + items: + description: LabelName is a valid Prometheus + label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + type: array + targetLabel: + description: "Label to which the resulting string + is written in a replacement. \n It is mandatory + for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. \n Regex + capture groups are available." + type: string + type: object + type: array + override: + description: Override allows customization of the + created ServiceMonitor. All fields can be overwritten + except "endpoints", "selector" and "namespaceSelector". + properties: + attachMetadata: + description: "`attachMetadata` defines additional + metadata which is added to the discovered targets. + \n It requires Prometheus >= v2.37.0." properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value + node: + description: When set to true, Prometheus + must have the `get` permission on the `Nodes` + objects. + type: boolean type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. 
Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. 
Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." 
- type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value + bodySizeLimit: + description: "When defined, bodySizeLimit specifies + a job level limit on the size of uncompressed + response body that will be accepted by Prometheus. + \n It requires Prometheus >= v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. 
- items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. 
If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. 
- type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. 
- type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. 
All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. 
- type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. 
- type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - jobResources: - description: JobResources allows set resources for setup/update jobs. - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. 
If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - jobTtlSecondsAfterFinished: - default: 300 - description: JobTTLSecondsAfterFinished is amount of time to keep - job pods after jobs are completed. Defaults to 300 seconds. - format: int32 - minimum: 1 - type: integer - log: - description: Log defines temporal cluster's logger configuration. - properties: - development: - default: false - description: Development determines whether the logger is run - in Development (== Test) or in Production mode. Default is - Production. Production-stage disables panics from DPanic logging. - type: boolean - format: - default: json - description: Format determines the format of each log file printed - to the output. Use "console" if you want stack traces to appear - on multiple lines. - enum: - - json - - console - type: string - level: - default: info - description: Level is the desired log level; see colocated zap_logger.go::parseZapLevel() - enum: - - debug - - info - - warn - - error - - dpanic - - panic - - fatal - type: string - outputFile: - description: OutputFile is the path to the log output file. - type: string - stdout: - default: true - description: Stdout is true if the output needs to goto standard - out; default is stderr. - type: boolean - type: object - mTLS: - description: MTLS allows configuration of the network traffic encryption - for the cluster. - properties: - certificatesDuration: - description: CertificatesDuration allows configuration of maximum - certificates lifetime. Useless if mTLS provider is not cert-manager. - properties: - clientCertificates: - description: ClientCertificates is the 'duration' (i.e. lifetime) - of the client certificates. It defaults to 1 year. 
- type: string - frontendCertificate: - description: FrontendCertificate is the 'duration' (i.e. lifetime) - of the frontend certificate. It defaults to 1 year. - type: string - intermediateCAsCertificates: - description: IntermediateCACertificates is the 'duration' - (i.e. lifetime) of the intermediate CAs Certificates. It - defaults to 5 years. - type: string - internodeCertificate: - description: InternodeCertificate is the 'duration' (i.e. - lifetime) of the internode certificate. It defaults to 1 - year. - type: string - rootCACertificate: - description: RootCACertificate is the 'duration' (i.e. lifetime) - of the Root CA Certificate. It defaults to 10 years. - type: string - type: object - frontend: - description: Frontend allows configuration of the frontend's public - endpoint traffic encryption. Useless if mTLS provider is not - cert-manager. - properties: - enabled: - description: Enabled defines if the operator should enable - mTLS for cluster's public endpoints. - type: boolean - type: object - internode: - description: Internode allows configuration of the internode traffic - encryption. Useless if mTLS provider is not cert-manager. - properties: - enabled: - description: Enabled defines if the operator should enable - mTLS for network between cluster nodes. - type: boolean - type: object - provider: - default: cert-manager - description: Provider defines the tool used to manage mTLS certificates. - enum: - - cert-manager - - linkerd - - istio - type: string - refreshInterval: - description: RefreshInterval defines interval between refreshes - of certificates in the cluster components. Defaults to 1 hour. - Useless if mTLS provider is not cert-manager. - type: string - renewBefore: - description: RenewBefore is defines how long before the currently - issued certificate's expiry cert-manager should renew the certificate. - The default is 2/3 of the issued certificate's duration. Minimum - accepted value is 5 minutes. 
Useless if mTLS provider is not - cert-manager. - type: string - type: object - metrics: - description: Metrics allows configuration of scraping endpoints for - stats. prometheus or m3. - properties: - enabled: - description: Enabled defines if the operator should enable metrics - exposition on temporal components. - type: boolean - perUnitHistogramBoundaries: - additionalProperties: - items: - type: string - type: array - description: "PerUnitHistogramBoundaries defines the default histogram - bucket boundaries. Configuration of histogram boundaries for - given metric unit. \n Supported values: - \"dimensionless\" - - \"milliseconds\" - \"bytes\"" - type: object - prometheus: - description: Prometheus reporter configuration. - properties: - listenAddress: - description: Deprecated. Address for prometheus to serve metrics - from. - type: string - listenPort: - description: ListenPort for prometheus to serve metrics from. - format: int32 - type: integer - scrapeConfig: - description: ScrapeConfig is the prometheus scrape configuration. - properties: - annotations: - description: Annotations defines if the operator should - add prometheus scrape annotations to the services pods. - type: boolean - serviceMonitor: - description: PrometheusScrapeConfigServiceMonitor is the - configuration for prometheus operator ServiceMonitor. - properties: - enabled: - description: Enabled defines if the operator should - create a ServiceMonitor for each services. - type: boolean - labels: - additionalProperties: - type: string - description: Labels adds extra labels to the ServiceMonitor. - type: object - metricRelabelings: - description: MetricRelabelConfigs to apply to samples - before ingestion. - items: - description: "RelabelConfig allows dynamic rewriting - of the label set for targets, alerts, scraped - samples and remote write samples. 
\n More info: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the - regex matching. \n `Uppercase` and `Lowercase` - actions require Prometheus >= v2.36.0. `DropEqual` - and `KeepEqual` actions require Prometheus - >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of - the source label values. \n Only applicable - when the action is `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against which - the extracted value is matched. - type: string - replacement: - description: "Replacement value against which - a Replace action is performed if the regular - expression matches. \n Regex capture groups - are available." - type: string - separator: - description: Separator is the string between - concatenated SourceLabels. - type: string - sourceLabels: - description: The source labels select values - from existing labels. Their content is concatenated - using the configured Separator and matched - against the configured regular expression. - items: - description: LabelName is a valid Prometheus - label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string - is written in a replacement. \n It is mandatory - for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. \n Regex - capture groups are available." 
- type: string - type: object - type: array - override: - description: Override allows customization of the - created ServiceMonitor. All fields can be overritten - except "endpoints", "selector" and "namespaceSelector". - properties: - attachMetadata: - description: "`attachMetadata` defines additional - metadata which is added to the discovered targets. - \n It requires Prometheus >= v2.37.0." - properties: - node: - description: When set to true, Prometheus - must have the `get` permission on the `Nodes` - objects. - type: boolean - type: object - endpoints: - description: List of endpoints part of this ServiceMonitor. - items: - description: Endpoint defines an endpoint serving - Prometheus metrics to be scraped by Prometheus. - properties: - authorization: - description: "`authorization` configures - the Authorization header credentials to - use when scraping the target. \n Cannot - be set at the same time as `basicAuth`, - or `oauth2`." - properties: - credentials: - description: Selects a key of a Secret - in the namespace that contains the - credentials for authentication. - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication - type. The value is case-insensitive. - \n \"Basic\" is not a supported value. - \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: "`basicAuth` configures the - Basic Authentication credentials to use - when scraping the target. \n Cannot be - set at the same time as `authorization`, - or `oauth2`." 
- properties: - password: - description: '`password` specifies a - key of a Secret containing the password - for authentication.' - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a - key of a Secret containing the username - for authentication.' - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenFile: - description: "File to read bearer token - for scraping the target. \n Deprecated: - use `authorization` instead." - type: string - bearerTokenSecret: - description: "`bearerTokenSecret` specifies - a key of a Secret containing the bearer - token for scraping targets. The secret - needs to be in the same namespace as the - ServiceMonitor object and readable by - the Prometheus Operator. \n Deprecated: - use `authorization` instead." - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: '`enableHttp2` can be used - to disable HTTP2 when scraping the target.' - type: boolean - filterRunning: - description: "When true, the pods which - are not running (e.g. either in Failed - or Succeeded state) are dropped during - the target discovery. \n If unset, the - filtering is enabled. \n More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" - type: boolean - followRedirects: - description: '`followRedirects` defines - whether the scrape requests should follow - HTTP 3xx redirects.' - type: boolean - honorLabels: - description: When true, `honorLabels` preserves - the metric's labels when they collide - with the target's labels. - type: boolean - honorTimestamps: - description: '`honorTimestamps` controls - whether Prometheus preserves the timestamps - when exposed by the target.' - type: boolean - interval: - description: "Interval at which Prometheus - scrapes the metrics from the target. \n - If empty, Prometheus uses the global scrape - interval." - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: '`metricRelabelings` configures - the relabeling rules to apply to the samples - before ingestion.' - items: - description: "RelabelConfig allows dynamic - rewriting of the label set for targets, - alerts, scraped samples and remote write - samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based - on the regex matching. 
\n `Uppercase` - and `Lowercase` actions require - Prometheus >= v2.36.0. `DropEqual` - and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: - \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the - hash of the source label values. - \n Only applicable when the action - is `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against - which the extracted value is matched. - type: string - replacement: - description: "Replacement value against - which a Replace action is performed - if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string - between concatenated SourceLabels. - type: string - sourceLabels: - description: The source labels select - values from existing labels. Their - content is concatenated using the - configured Separator and matched - against the configured regular expression. - items: - description: LabelName is a valid - Prometheus label name which may - only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting - string is written in a replacement. - \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - \n Regex capture groups are available." - type: string - type: object - type: array - oauth2: - description: "`oauth2` configures the OAuth2 - settings to use when scraping the target. - \n It requires Prometheus >= 2.27.0. \n - Cannot be set at the same time as `authorization`, - or `basicAuth`." 
- properties: - clientId: - description: '`clientId` specifies a - key of a Secret or ConfigMap containing - the OAuth2 client''s ID.' - properties: - configMap: - description: ConfigMap containing - data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data - to use for the targets. - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies - a key of a Secret containing the OAuth2 - client''s secret.' - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures - the HTTP parameters to append to the - token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 - scopes used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures - the URL to fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: params define optional HTTP - URL parameters. - type: object - path: - description: "HTTP path from which to scrape - for metrics. \n If empty, Prometheus uses - the default value (e.g. `/metrics`)." - type: string - port: - description: "Name of the Service port which - this endpoint refers to. \n It takes precedence - over `targetPort`." - type: string - proxyUrl: - description: '`proxyURL` configures the - HTTP Proxy URL (e.g. "http://proxyserver:2195") - to go through when scraping the target.' - type: string - relabelings: - description: "`relabelings` configures the - relabeling rules to apply the target's - metadata labels. \n The Operator automatically - adds relabelings for a few standard Kubernetes - fields. \n The original scrape job's name - is available via the `__tmp_prometheus_job_name` - label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic - rewriting of the label set for targets, - alerts, scraped samples and remote write - samples. 
\n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based - on the regex matching. \n `Uppercase` - and `Lowercase` actions require - Prometheus >= v2.36.0. `DropEqual` - and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: - \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the - hash of the source label values. - \n Only applicable when the action - is `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against - which the extracted value is matched. - type: string - replacement: - description: "Replacement value against - which a Replace action is performed - if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string - between concatenated SourceLabels. - type: string - sourceLabels: - description: The source labels select - values from existing labels. Their - content is concatenated using the - configured Separator and matched - against the configured regular expression. - items: - description: LabelName is a valid - Prometheus label name which may - only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting - string is written in a replacement. - \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - \n Regex capture groups are available." 
- type: string - type: object - type: array - scheme: - description: "HTTP scheme to use for scraping. - \n `http` and `https` are the expected - values unless you rewrite the `__scheme__` - label via relabeling. \n If empty, Prometheus - uses the default value `http`." - enum: - - http - - https - type: string - scrapeTimeout: - description: "Timeout after which Prometheus - considers the scrape to be failed. \n - If empty, Prometheus uses the global scrape - timeout unless it is less than the target's - scrape interval value in which the latter - is used." - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: "Name or number of the target - port of the `Pod` object behind the Service, - the port must be specified with container - port property. \n Deprecated: use `port` - instead." - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when - scraping the target. - properties: - ca: - description: Certificate authority used - when verifying server certificates. - properties: - configMap: - description: ConfigMap containing - data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data - to use for the targets. - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in - the Prometheus container to use for - the targets. - type: string - cert: - description: Client certificate to present - when doing client-authentication. - properties: - configMap: - description: ConfigMap containing - data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data - to use for the targets. - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert - file in the Prometheus container for - the targets. - type: string - insecureSkipVerify: - description: Disable target certificate - validation. 
- type: boolean - keyFile: - description: Path to the client key - file in the Prometheus container for - the targets. - type: string - keySecret: - description: Secret containing the client - key file for the targets. - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname - for the targets. - type: string - type: object - trackTimestampsStaleness: - description: "`trackTimestampsStaleness` - defines whether Prometheus tracks staleness - of the metrics that have an explicit timestamp - present in scraped data. Has no effect - if `honorTimestamps` is false. \n It requires - Prometheus >= v2.48.0." - type: boolean - type: object - type: array - jobLabel: - description: "`jobLabel` selects the label from - the associated Kubernetes `Service` object which - will be used as the `job` label for all metrics. - \n For example if `jobLabel` is set to `foo` - and the Kubernetes `Service` object is labeled - with `foo: bar`, then Prometheus adds the `job=\"bar\"` - label to all ingested metrics. \n If the value - of this field is empty or if the label doesn't - exist for the given Service, the `job` label - of the metrics defaults to the name of the associated - Kubernetes `Service`." - type: string - keepDroppedTargets: - description: "Per-scrape limit on the number of - targets dropped by relabeling that will be kept - in memory. 0 means no limit. \n It requires - Prometheus >= v2.47.0." 
- format: int64 - type: integer - labelLimit: - description: "Per-scrape limit on number of labels - that will be accepted for a sample. \n It requires - Prometheus >= v2.27.0." - format: int64 - type: integer - labelNameLengthLimit: - description: "Per-scrape limit on length of labels - name that will be accepted for a sample. \n - It requires Prometheus >= v2.27.0." - format: int64 - type: integer - labelValueLengthLimit: - description: "Per-scrape limit on length of labels - value that will be accepted for a sample. \n - It requires Prometheus >= v2.27.0." - format: int64 - type: integer - namespaceSelector: - description: Selector to select which namespaces - the Kubernetes `Endpoints` objects are discovered - from. - properties: - any: - description: Boolean describing whether all - namespaces are selected in contrast to a - list restricting them. - type: boolean - matchNames: - description: List of namespace names to select - from. - items: - type: string - type: array - type: object - podTargetLabels: - description: '`podTargetLabels` defines the labels - which are transferred from the associated Kubernetes - `Pod` object onto the ingested metrics.' - items: - type: string - type: array - sampleLimit: - description: '`sampleLimit` defines a per-scrape - limit on the number of scraped samples that - will be accepted.' - format: int64 - type: integer - selector: - description: Label selector to select the Kubernetes - `Endpoints` objects. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. 
Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLabels: - description: '`targetLabels` defines the labels - which are transferred from the associated Kubernetes - `Service` object onto the ingested metrics.' - items: - type: string - type: array - targetLimit: - description: '`targetLimit` defines a limit on - the number of scraped targets that will be accepted.' - format: int64 - type: integer - required: - - selector - type: object - type: object - type: object - type: object - required: - - enabled - type: object - numHistoryShards: - description: NumHistoryShards is the desired number of history shards. - This field is immutable. - format: int32 - minimum: 1 - type: integer - persistence: - description: Persistence defines temporal persistence configuration. - properties: - advancedVisibilityStore: - description: AdvancedVisibilityStore holds the avanced visibility - datastore specs. - properties: - cassandra: - description: Cassandra holds all connection parameters for - Cassandra datastore. Note that cassandra is now deprecated - for visibility store. - properties: - connectTimeout: - description: ConnectTimeout is a timeout for initial dial - to cassandra server. 
- type: string - consistency: - description: Consistency configuration. - properties: - consistency: - description: Consistency sets the default consistency - level. Values identical to gocql Consistency values. - (defaults to LOCAL_QUORUM if not set). - enum: - - ANY - - ONE - - TWO - - THREE - - QUORUM - - ALL - - LOCAL_QUORUM - - EACH_QUORUM - - LOCAL_ONE - type: integer - serialConsistency: - description: SerialConsistency sets the consistency - for the serial prtion of queries. Values identical - to gocql SerialConsistency values. (defaults to - LOCAL_SERIAL if not set) - enum: - - SERIAL - - LOCAL_SERIAL - type: integer - type: object - datacenter: - description: Datacenter is the data center filter arg - for cassandra. - type: string - disableInitialHostLookup: - description: DisableInitialHostLookup instructs the gocql - client to connect only using the supplied hosts. - type: boolean - hosts: - description: Hosts is a list of cassandra endpoints. - items: - type: string - type: array - keyspace: - description: Keyspace is the cassandra keyspace. - type: string - maxConns: - description: MaxConns is the max number of connections - to this datastore for a single keyspace. - type: integer - port: - description: Port is the cassandra port used for connection - by gocql client. - type: integer - user: - description: User is the cassandra user used for authentication - by gocql client. - type: string - required: - - hosts - - keyspace - - port - - user - type: object - elasticsearch: - description: Elasticsearch holds all connection parameters - for Elasticsearch datastores. - properties: - closeIdleConnectionsInterval: - description: CloseIdleConnectionsInterval is the max duration - a connection stay open while idle. - type: string - enableHealthcheck: - description: EnableHealthcheck enables or disables healthcheck - on the temporal cluster's es client. 
- type: boolean - enableSniff: - description: EnableSniff enables or disables sniffer on - the temporal cluster's es client. - type: boolean - indices: - description: Indices holds visibility index names. - properties: - secondaryVisibility: - description: SecondaryVisibility defines secondary - visibility's index name. - type: string - visibility: - default: temporal_visibility_v1 - description: Visibility defines visibility's index - name. - type: string - required: - - visibility - type: object - logLevel: - description: LogLevel defines the temporal cluster's es - client logger level. - type: string - url: - description: URL is the connection url to connect to the - instance. - pattern: ^https?:\/\/.+$ - type: string - username: - description: Username is the username to be used for the - connection. - type: string - version: - default: v7 - description: Version defines the elasticsearch version. - pattern: ^v(6|7|8)$ - type: string - required: - - indices - - url - - username - - version - type: object - name: - description: Name is the name of the datastore. It should - be unique and will be referenced within the persitence spec. - Defaults to "default" for default sore, "visibility" for - visibility store, "secondaryVisibility" for secondary visibility - store and "advancedVisibility" for advanced visibility store. - type: string - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - skipCreate: - description: SkipCreate instructs the operator to skip creating - the database for SQL datastores or to skip creating keyspace - for Cassandra. Use this option if your database or keyspace - has already been provisioned by an administrator. - type: boolean - sql: - description: SQL holds all connection parameters for SQL datastores. 
- properties: - connectAddr: - description: ConnectAddr is the remote addr of the database. - type: string - connectAttributes: - additionalProperties: - type: string - description: ConnectAttributes is a set of key-value attributes - to be sent as part of connect data_source_name url - type: object - connectProtocol: - description: ConnectProtocol is the protocol that goes - with the ConnectAddr. - type: string - databaseName: - description: DatabaseName is the name of SQL database - to connect to. - type: string - gcpServiceAccount: - description: GCPServiceAccount is the service account - to use to authenticate with GCP CloudSQL - type: string - maxConnLifetime: - description: MaxConnLifetime is the maximum time a connection - can be alive - type: string - maxConns: - description: MaxConns the max number of connections to - this datastore. - type: integer - maxIdleConns: - description: MaxIdleConns is the max number of idle connections - to this datastore. - type: integer - pluginName: - description: PluginName is the name of SQL plugin. - enum: - - postgres - - postgres12 - - mysql - - mysql8 - type: string - taskScanPartitions: - description: TaskScanPartitions is the number of partitions - to sequentially scan during ListTaskQueue operations. - type: integer - user: - description: User is the username to be used for the connection. - type: string - required: - - connectAddr - - databaseName - - pluginName - - user - type: object - tls: - description: TLS is an optional option to connect to the datastore - using TLS. - properties: - caFileRef: - description: CaFileRef is a reference to a secret containing - the ca file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - certFileRef: - description: CertFileRef is a reference to a secret containing - the cert file. - properties: - key: - description: Key in the Secret. 
- type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - enableHostVerification: - description: EnableHostVerification defines if the hostname - should be verified when connecting to the datastore. - type: boolean - enabled: - description: Enabled defines if the cluster should use - a TLS connection to connect to the datastore. - type: boolean - keyFileRef: - description: KeyFileRef is a reference to a secret containing - the key file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - serverName: - description: ServerName the datastore should present. - type: string - required: - - enableHostVerification - - enabled - type: object - type: object - defaultStore: - description: DefaultStore holds the default datastore specs. - properties: - cassandra: - description: Cassandra holds all connection parameters for - Cassandra datastore. Note that cassandra is now deprecated - for visibility store. - properties: - connectTimeout: - description: ConnectTimeout is a timeout for initial dial - to cassandra server. - type: string - consistency: - description: Consistency configuration. - properties: - consistency: - description: Consistency sets the default consistency - level. Values identical to gocql Consistency values. - (defaults to LOCAL_QUORUM if not set). - enum: - - ANY - - ONE - - TWO - - THREE - - QUORUM - - ALL - - LOCAL_QUORUM - - EACH_QUORUM - - LOCAL_ONE - type: integer - serialConsistency: - description: SerialConsistency sets the consistency - for the serial prtion of queries. Values identical - to gocql SerialConsistency values. (defaults to - LOCAL_SERIAL if not set) - enum: - - SERIAL - - LOCAL_SERIAL - type: integer - type: object - datacenter: - description: Datacenter is the data center filter arg - for cassandra. 
- type: string - disableInitialHostLookup: - description: DisableInitialHostLookup instructs the gocql - client to connect only using the supplied hosts. - type: boolean - hosts: - description: Hosts is a list of cassandra endpoints. - items: - type: string - type: array - keyspace: - description: Keyspace is the cassandra keyspace. - type: string - maxConns: - description: MaxConns is the max number of connections - to this datastore for a single keyspace. - type: integer - port: - description: Port is the cassandra port used for connection - by gocql client. - type: integer - user: - description: User is the cassandra user used for authentication - by gocql client. - type: string - required: - - hosts - - keyspace - - port - - user - type: object - elasticsearch: - description: Elasticsearch holds all connection parameters - for Elasticsearch datastores. - properties: - closeIdleConnectionsInterval: - description: CloseIdleConnectionsInterval is the max duration - a connection stay open while idle. - type: string - enableHealthcheck: - description: EnableHealthcheck enables or disables healthcheck - on the temporal cluster's es client. - type: boolean - enableSniff: - description: EnableSniff enables or disables sniffer on - the temporal cluster's es client. - type: boolean - indices: - description: Indices holds visibility index names. - properties: - secondaryVisibility: - description: SecondaryVisibility defines secondary - visibility's index name. - type: string - visibility: - default: temporal_visibility_v1 - description: Visibility defines visibility's index - name. - type: string - required: - - visibility - type: object - logLevel: - description: LogLevel defines the temporal cluster's es - client logger level. - type: string - url: - description: URL is the connection url to connect to the - instance. - pattern: ^https?:\/\/.+$ - type: string - username: - description: Username is the username to be used for the - connection. 
- type: string - version: - default: v7 - description: Version defines the elasticsearch version. - pattern: ^v(6|7|8)$ - type: string - required: - - indices - - url - - username - - version - type: object - name: - description: Name is the name of the datastore. It should - be unique and will be referenced within the persitence spec. - Defaults to "default" for default sore, "visibility" for - visibility store, "secondaryVisibility" for secondary visibility - store and "advancedVisibility" for advanced visibility store. - type: string - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - skipCreate: - description: SkipCreate instructs the operator to skip creating - the database for SQL datastores or to skip creating keyspace - for Cassandra. Use this option if your database or keyspace - has already been provisioned by an administrator. - type: boolean - sql: - description: SQL holds all connection parameters for SQL datastores. - properties: - connectAddr: - description: ConnectAddr is the remote addr of the database. - type: string - connectAttributes: - additionalProperties: - type: string - description: ConnectAttributes is a set of key-value attributes - to be sent as part of connect data_source_name url - type: object - connectProtocol: - description: ConnectProtocol is the protocol that goes - with the ConnectAddr. - type: string - databaseName: - description: DatabaseName is the name of SQL database - to connect to. 
- type: string - gcpServiceAccount: - description: GCPServiceAccount is the service account - to use to authenticate with GCP CloudSQL - type: string - maxConnLifetime: - description: MaxConnLifetime is the maximum time a connection - can be alive - type: string - maxConns: - description: MaxConns the max number of connections to - this datastore. - type: integer - maxIdleConns: - description: MaxIdleConns is the max number of idle connections - to this datastore. - type: integer - pluginName: - description: PluginName is the name of SQL plugin. - enum: - - postgres - - postgres12 - - mysql - - mysql8 - type: string - taskScanPartitions: - description: TaskScanPartitions is the number of partitions - to sequentially scan during ListTaskQueue operations. - type: integer - user: - description: User is the username to be used for the connection. - type: string - required: - - connectAddr - - databaseName - - pluginName - - user - type: object - tls: - description: TLS is an optional option to connect to the datastore - using TLS. - properties: - caFileRef: - description: CaFileRef is a reference to a secret containing - the ca file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - certFileRef: - description: CertFileRef is a reference to a secret containing - the cert file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - enableHostVerification: - description: EnableHostVerification defines if the hostname - should be verified when connecting to the datastore. - type: boolean - enabled: - description: Enabled defines if the cluster should use - a TLS connection to connect to the datastore. - type: boolean - keyFileRef: - description: KeyFileRef is a reference to a secret containing - the key file. 
- properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - serverName: - description: ServerName the datastore should present. - type: string - required: - - enableHostVerification - - enabled - type: object - type: object - secondaryVisibilityStore: - description: SecondaryVisibilityStore holds the secondary visibility - datastore specs. Feature only available for clusters >= 1.21.0. - properties: - cassandra: - description: Cassandra holds all connection parameters for - Cassandra datastore. Note that cassandra is now deprecated - for visibility store. - properties: - connectTimeout: - description: ConnectTimeout is a timeout for initial dial - to cassandra server. - type: string - consistency: - description: Consistency configuration. - properties: - consistency: - description: Consistency sets the default consistency - level. Values identical to gocql Consistency values. - (defaults to LOCAL_QUORUM if not set). - enum: - - ANY - - ONE - - TWO - - THREE - - QUORUM - - ALL - - LOCAL_QUORUM - - EACH_QUORUM - - LOCAL_ONE - type: integer - serialConsistency: - description: SerialConsistency sets the consistency - for the serial prtion of queries. Values identical - to gocql SerialConsistency values. (defaults to - LOCAL_SERIAL if not set) - enum: - - SERIAL - - LOCAL_SERIAL - type: integer - type: object - datacenter: - description: Datacenter is the data center filter arg - for cassandra. - type: string - disableInitialHostLookup: - description: DisableInitialHostLookup instructs the gocql - client to connect only using the supplied hosts. - type: boolean - hosts: - description: Hosts is a list of cassandra endpoints. - items: - type: string - type: array - keyspace: - description: Keyspace is the cassandra keyspace. - type: string - maxConns: - description: MaxConns is the max number of connections - to this datastore for a single keyspace. 
- type: integer - port: - description: Port is the cassandra port used for connection - by gocql client. - type: integer - user: - description: User is the cassandra user used for authentication - by gocql client. - type: string - required: - - hosts - - keyspace - - port - - user - type: object - elasticsearch: - description: Elasticsearch holds all connection parameters - for Elasticsearch datastores. - properties: - closeIdleConnectionsInterval: - description: CloseIdleConnectionsInterval is the max duration - a connection stay open while idle. - type: string - enableHealthcheck: - description: EnableHealthcheck enables or disables healthcheck - on the temporal cluster's es client. - type: boolean - enableSniff: - description: EnableSniff enables or disables sniffer on - the temporal cluster's es client. - type: boolean - indices: - description: Indices holds visibility index names. - properties: - secondaryVisibility: - description: SecondaryVisibility defines secondary - visibility's index name. - type: string - visibility: - default: temporal_visibility_v1 - description: Visibility defines visibility's index - name. - type: string - required: - - visibility - type: object - logLevel: - description: LogLevel defines the temporal cluster's es - client logger level. - type: string - url: - description: URL is the connection url to connect to the - instance. - pattern: ^https?:\/\/.+$ - type: string - username: - description: Username is the username to be used for the - connection. - type: string - version: - default: v7 - description: Version defines the elasticsearch version. - pattern: ^v(6|7|8)$ - type: string - required: - - indices - - url - - username - - version - type: object - name: - description: Name is the name of the datastore. It should - be unique and will be referenced within the persitence spec. 
- Defaults to "default" for default sore, "visibility" for - visibility store, "secondaryVisibility" for secondary visibility - store and "advancedVisibility" for advanced visibility store. - type: string - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - skipCreate: - description: SkipCreate instructs the operator to skip creating - the database for SQL datastores or to skip creating keyspace - for Cassandra. Use this option if your database or keyspace - has already been provisioned by an administrator. - type: boolean - sql: - description: SQL holds all connection parameters for SQL datastores. - properties: - connectAddr: - description: ConnectAddr is the remote addr of the database. - type: string - connectAttributes: - additionalProperties: - type: string - description: ConnectAttributes is a set of key-value attributes - to be sent as part of connect data_source_name url - type: object - connectProtocol: - description: ConnectProtocol is the protocol that goes - with the ConnectAddr. - type: string - databaseName: - description: DatabaseName is the name of SQL database - to connect to. - type: string - gcpServiceAccount: - description: GCPServiceAccount is the service account - to use to authenticate with GCP CloudSQL - type: string - maxConnLifetime: - description: MaxConnLifetime is the maximum time a connection - can be alive - type: string - maxConns: - description: MaxConns the max number of connections to - this datastore. - type: integer - maxIdleConns: - description: MaxIdleConns is the max number of idle connections - to this datastore. - type: integer - pluginName: - description: PluginName is the name of SQL plugin. 
- enum: - - postgres - - postgres12 - - mysql - - mysql8 - type: string - taskScanPartitions: - description: TaskScanPartitions is the number of partitions - to sequentially scan during ListTaskQueue operations. - type: integer - user: - description: User is the username to be used for the connection. - type: string - required: - - connectAddr - - databaseName - - pluginName - - user - type: object - tls: - description: TLS is an optional option to connect to the datastore - using TLS. - properties: - caFileRef: - description: CaFileRef is a reference to a secret containing - the ca file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - certFileRef: - description: CertFileRef is a reference to a secret containing - the cert file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - enableHostVerification: - description: EnableHostVerification defines if the hostname - should be verified when connecting to the datastore. - type: boolean - enabled: - description: Enabled defines if the cluster should use - a TLS connection to connect to the datastore. - type: boolean - keyFileRef: - description: KeyFileRef is a reference to a secret containing - the key file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - serverName: - description: ServerName the datastore should present. - type: string - required: - - enableHostVerification - - enabled - type: object - type: object - visibilityStore: - description: VisibilityStore holds the visibility datastore specs. - properties: - cassandra: - description: Cassandra holds all connection parameters for - Cassandra datastore. Note that cassandra is now deprecated - for visibility store. 
- properties: - connectTimeout: - description: ConnectTimeout is a timeout for initial dial - to cassandra server. - type: string - consistency: - description: Consistency configuration. - properties: - consistency: - description: Consistency sets the default consistency - level. Values identical to gocql Consistency values. - (defaults to LOCAL_QUORUM if not set). - enum: - - ANY - - ONE - - TWO - - THREE - - QUORUM - - ALL - - LOCAL_QUORUM - - EACH_QUORUM - - LOCAL_ONE - type: integer - serialConsistency: - description: SerialConsistency sets the consistency - for the serial prtion of queries. Values identical - to gocql SerialConsistency values. (defaults to - LOCAL_SERIAL if not set) - enum: - - SERIAL - - LOCAL_SERIAL - type: integer - type: object - datacenter: - description: Datacenter is the data center filter arg - for cassandra. - type: string - disableInitialHostLookup: - description: DisableInitialHostLookup instructs the gocql - client to connect only using the supplied hosts. - type: boolean - hosts: - description: Hosts is a list of cassandra endpoints. - items: - type: string - type: array - keyspace: - description: Keyspace is the cassandra keyspace. - type: string - maxConns: - description: MaxConns is the max number of connections - to this datastore for a single keyspace. - type: integer - port: - description: Port is the cassandra port used for connection - by gocql client. - type: integer - user: - description: User is the cassandra user used for authentication - by gocql client. - type: string - required: - - hosts - - keyspace - - port - - user - type: object - elasticsearch: - description: Elasticsearch holds all connection parameters - for Elasticsearch datastores. - properties: - closeIdleConnectionsInterval: - description: CloseIdleConnectionsInterval is the max duration - a connection stay open while idle. 
- type: string - enableHealthcheck: - description: EnableHealthcheck enables or disables healthcheck - on the temporal cluster's es client. - type: boolean - enableSniff: - description: EnableSniff enables or disables sniffer on - the temporal cluster's es client. - type: boolean - indices: - description: Indices holds visibility index names. - properties: - secondaryVisibility: - description: SecondaryVisibility defines secondary - visibility's index name. - type: string - visibility: - default: temporal_visibility_v1 - description: Visibility defines visibility's index - name. - type: string - required: - - visibility - type: object - logLevel: - description: LogLevel defines the temporal cluster's es - client logger level. - type: string - url: - description: URL is the connection url to connect to the - instance. - pattern: ^https?:\/\/.+$ - type: string - username: - description: Username is the username to be used for the - connection. - type: string - version: - default: v7 - description: Version defines the elasticsearch version. - pattern: ^v(6|7|8)$ - type: string - required: - - indices - - url - - username - - version - type: object - name: - description: Name is the name of the datastore. It should - be unique and will be referenced within the persitence spec. - Defaults to "default" for default sore, "visibility" for - visibility store, "secondaryVisibility" for secondary visibility - store and "advancedVisibility" for advanced visibility store. - type: string - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - skipCreate: - description: SkipCreate instructs the operator to skip creating - the database for SQL datastores or to skip creating keyspace - for Cassandra. 
Use this option if your database or keyspace - has already been provisioned by an administrator. - type: boolean - sql: - description: SQL holds all connection parameters for SQL datastores. - properties: - connectAddr: - description: ConnectAddr is the remote addr of the database. - type: string - connectAttributes: - additionalProperties: - type: string - description: ConnectAttributes is a set of key-value attributes - to be sent as part of connect data_source_name url - type: object - connectProtocol: - description: ConnectProtocol is the protocol that goes - with the ConnectAddr. - type: string - databaseName: - description: DatabaseName is the name of SQL database - to connect to. - type: string - gcpServiceAccount: - description: GCPServiceAccount is the service account - to use to authenticate with GCP CloudSQL - type: string - maxConnLifetime: - description: MaxConnLifetime is the maximum time a connection - can be alive - type: string - maxConns: - description: MaxConns the max number of connections to - this datastore. - type: integer - maxIdleConns: - description: MaxIdleConns is the max number of idle connections - to this datastore. - type: integer - pluginName: - description: PluginName is the name of SQL plugin. - enum: - - postgres - - postgres12 - - mysql - - mysql8 - type: string - taskScanPartitions: - description: TaskScanPartitions is the number of partitions - to sequentially scan during ListTaskQueue operations. - type: integer - user: - description: User is the username to be used for the connection. - type: string - required: - - connectAddr - - databaseName - - pluginName - - user - type: object - tls: - description: TLS is an optional option to connect to the datastore - using TLS. - properties: - caFileRef: - description: CaFileRef is a reference to a secret containing - the ca file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. 
- type: string - required: - - name - type: object - certFileRef: - description: CertFileRef is a reference to a secret containing - the cert file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - enableHostVerification: - description: EnableHostVerification defines if the hostname - should be verified when connecting to the datastore. - type: boolean - enabled: - description: Enabled defines if the cluster should use - a TLS connection to connect to the datastore. - type: boolean - keyFileRef: - description: KeyFileRef is a reference to a secret containing - the key file. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - serverName: - description: ServerName the datastore should present. - type: string - required: - - enableHostVerification - - enabled - type: object - type: object - required: - - defaultStore - - visibilityStore - type: object - services: - description: Services allows customizations for each temporal services - deployment. - properties: - frontend: - description: Frontend service custom specifications. - properties: - httpPort: - description: 'HTTPPort defines a custom http port for the - service. Default values are: 7243 for Frontend service' - type: integer - initContainers: - description: InitContainers adds a list of init containers - to the service's deployment. - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. 
Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". 
- Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. 
Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. 
- properties: - containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. 
- Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. 
The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. 
If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. 
- properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. 
- The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. 
Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. 
- properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. - type: string - required: - - name - type: object - type: array - membershipPort: - description: 'MembershipPort defines a custom membership port - for the service. Default values are: 6933 for Frontend service - 6934 for History service 6935 for Matching service 6939 - for Worker service' - type: integer - overrides: - description: Overrides adds some overrides to the resources - deployed for the service. Those overrides takes precedence - over spec.services.overrides. - properties: - deployment: - description: Override configuration for the temporal service - Deployment. 
- properties: - metadata: - description: ObjectMetaOverride provides the ability - to override an object metadata. It's a subset of - the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key - value map stored with a resource that may be - set by external tools to store and retrieve - arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values that - can be used to organize and categorize (scope - and select) objects. - type: object - type: object - spec: - description: Specification of the desired behavior - of the Deployment. - properties: - template: - description: Template describes the pods that - will be created. - properties: - metadata: - description: ObjectMetaOverride provides the - ability to override an object metadata. - It's a subset of the fields included in - k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. - type: object - type: object - spec: - description: Specification of the desired - behavior of the pod. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - type: object - port: - description: 'Port defines a custom gRPC port for the service. - Default values are: 7233 for Frontend service 7234 for History - service 7235 for Matching service 7239 for Worker service' - type: integer - replicas: - description: Number of desired replicas for the service. Default - to 1. 
- format: int32 - minimum: 1 - type: integer - resources: - description: 'Compute Resources required by this service. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - history: - description: History service custom specifications. - properties: - httpPort: - description: 'HTTPPort defines a custom http port for the - service. Default values are: 7243 for Frontend service' - type: integer - initContainers: - description: InitContainers adds a list of init containers - to the service's deployment. - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' 
- properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. 
All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. + endpoints: + description: List of endpoints part of this ServiceMonitor. + items: + description: Endpoint defines an endpoint serving + Prometheus metrics to be scraped by Prometheus. properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. + authorization: + description: "`authorization` configures + the Authorization header credentials to + use when scraping the target. \n Cannot + be set at the same time as `basicAuth`, + or `oauth2`." + properties: + credentials: + description: Selects a key of a Secret + in the namespace that contains the + credentials for authentication. 
+ properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication + type. The value is case-insensitive. + \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: "`basicAuth` configures the + Basic Authentication credentials to use + when scraping the target. \n Cannot be + set at the same time as `authorization`, + or `oauth2`." + properties: + password: + description: '`password` specifies a + key of a Secret containing the password + for authentication.' + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a + key of a Secret containing the username + for authentication.' + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenFile: + description: "File to read bearer token + for scraping the target. \n Deprecated: + use `authorization` instead." + type: string + bearerTokenSecret: + description: "`bearerTokenSecret` specifies + a key of a Secret containing the bearer + token for scraping targets. The secret + needs to be in the same namespace as the + ServiceMonitor object and readable by + the Prometheus Operator. \n Deprecated: + use `authorization` instead." + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: '`enableHttp2` can be used + to disable HTTP2 when scraping the target.' + type: boolean + filterRunning: + description: "When true, the pods which + are not running (e.g. either in Failed + or Succeeded state) are dropped during + the target discovery. \n If unset, the + filtering is enabled. \n More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + type: boolean + followRedirects: + description: '`followRedirects` defines + whether the scrape requests should follow + HTTP 3xx redirects.' + type: boolean + honorLabels: + description: When true, `honorLabels` preserves + the metric's labels when they collide + with the target's labels. 
+ type: boolean + honorTimestamps: + description: '`honorTimestamps` controls + whether Prometheus preserves the timestamps + when exposed by the target.' + type: boolean + interval: + description: "Interval at which Prometheus + scrapes the metrics from the target. \n + If empty, Prometheus uses the global scrape + interval." + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. + metricRelabelings: + description: '`metricRelabelings` configures + the relabeling rules to apply to the samples + before ingestion.' items: - description: HTTPHeader describes a custom - header to be used in HTTP probes + description: "RelabelConfig allows dynamic + rewriting of the label set for targets, + alerts, scraped samples and remote write + samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. + action: + default: replace + description: "Action to perform based + on the regex matching. \n `Uppercase` + and `Lowercase` actions require + Prometheus >= v2.36.0. `DropEqual` + and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: + \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the + hash of the source label values. + \n Only applicable when the action + is `HashMod`." 
+ format: int64 + type: integer + regex: + description: Regular expression against + which the extracted value is matched. + type: string + replacement: + description: "Replacement value against + which a Replace action is performed + if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string + between concatenated SourceLabels. + type: string + sourceLabels: + description: The source labels select + values from existing labels. Their + content is concatenated using the + configured Separator and matched + against the configured regular expression. + items: + description: LabelName is a valid + Prometheus label name which may + only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting + string is written in a replacement. + \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." + type: string + type: object + type: array + oauth2: + description: "`oauth2` configures the OAuth2 + settings to use when scraping the target. + \n It requires Prometheus >= 2.27.0. \n + Cannot be set at the same time as `authorization`, + or `basicAuth`." + properties: + clientId: + description: '`clientId` specifies a + key of a Secret or ConfigMap containing + the OAuth2 client''s ID.' + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies + a key of a Secret containing the OAuth2 + client''s secret.' + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: type: string - value: - description: The header field value + description: '`endpointParams` configures + the HTTP parameters to append to the + token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 + scopes used for the token request.' + items: type: string - required: - - name - - value - type: object - type: array + type: array + tokenUrl: + description: '`tokenURL` configures + the URL to fetch the token from.' 
+ minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: params define optional HTTP + URL parameters. + type: object path: - description: Path to access on the HTTP - server. + description: "HTTP path from which to scrape + for metrics. \n If empty, Prometheus uses + the default value (e.g. `/metrics`)." type: string port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' + description: "Name of the Service port which + this endpoint refers to. \n It takes precedence + over `targetPort`." type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. + proxyUrl: + description: '`proxyURL` configures the + HTTP Proxy URL (e.g. "http://proxyserver:2195") + to go through when scraping the target.' type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. 
+ relabelings: + description: "`relabelings` configures the + relabeling rules to apply the target's + metadata labels. \n The Operator automatically + adds relabelings for a few standard Kubernetes + fields. \n The original scrape job's name + is available via the `__tmp_prometheus_job_name` + label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: HTTPHeader describes a custom - header to be used in HTTP probes + description: "RelabelConfig allows dynamic + rewriting of the label set for targets, + alerts, scraped samples and remote write + samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. + action: + default: replace + description: "Action to perform based + on the regex matching. \n `Uppercase` + and `Lowercase` actions require + Prometheus >= v2.36.0. `DropEqual` + and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: + \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the + hash of the source label values. + \n Only applicable when the action + is `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against + which the extracted value is matched. + type: string + replacement: + description: "Replacement value against + which a Replace action is performed + if the regular expression matches. + \n Regex capture groups are available." 
+ type: string + separator: + description: Separator is the string + between concatenated SourceLabels. type: string - value: - description: The header field value + sourceLabels: + description: The source labels select + values from existing labels. Their + content is concatenated using the + configured Separator and matched + against the configured regular expression. + items: + description: LabelName is a valid + Prometheus label name which may + only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting + string is written in a replacement. + \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." type: string - required: - - name - - value type: object type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: "HTTP scheme to use for scraping. + \n `http` and `https` are the expected + values unless you rewrite the `__scheme__` + label via relabeling. \n If empty, Prometheus + uses the default value `http`." + enum: + - http + - https type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. 
There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' + scrapeTimeout: + description: "Timeout after which Prometheus + considers the scrape to be failed. \n + If empty, Prometheus uses the global scrape + timeout unless it is less than the target's + scrape interval value in which the latter + is used." + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - port: + targetPort: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. + description: Name or number of the target + port of the `Pod` object behind the Service. + The port must be specified with the container's + port property. x-kubernetes-int-or-string: true - required: - - port + tlsConfig: + description: TLS configuration to use when + scraping the target. + properties: + ca: + description: Certificate authority used + when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in + the Prometheus container to use for + the targets. + type: string + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert + file in the Prometheus container for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. 
+ type: boolean + keyFile: + description: Path to the client key + file in the Prometheus container for + the targets. + type: string + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + trackTimestampsStaleness: + description: "`trackTimestampsStaleness` + defines whether Prometheus tracks staleness + of the metrics that have an explicit timestamp + present in scraped data. Has no effect + if `honorTimestamps` is false. \n It requires + Prometheus >= v2.48.0." + type: boolean type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. + type: array + jobLabel: + description: "`jobLabel` selects the label from + the associated Kubernetes `Service` object which + will be used as the `job` label for all metrics. + \n For example if `jobLabel` is set to `foo` + and the Kubernetes `Service` object is labeled + with `foo: bar`, then Prometheus adds the `job=\"bar\"` + label to all ingested metrics. \n If the value + of this field is empty or if the label doesn't + exist for the given Service, the `job` label + of the metrics defaults to the name of the associated + Kubernetes `Service`." type: string - hostPort: - description: Number of port to expose on the host. 
- If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. - format: int32 + keepDroppedTargets: + description: "Per-scrape limit on the number of + targets dropped by relabeling that will be kept + in memory. 0 means no limit. \n It requires + Prometheus >= v2.47.0." + format: int64 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. 
The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. 
If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. 
- properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + labelLimit: + description: "Per-scrape limit on number of labels + that will be accepted for a sample. \n It requires + Prometheus >= v2.27.0." + format: int64 + type: integer + labelNameLengthLimit: + description: "Per-scrape limit on length of labels + name that will be accepted for a sample. \n + It requires Prometheus >= v2.27.0." + format: int64 + type: integer + labelValueLengthLimit: + description: "Per-scrape limit on length of labels + value that will be accepted for a sample. \n + It requires Prometheus >= v2.27.0." + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces + the Kubernetes `Endpoints` objects are discovered + from. 
+ properties: + any: + description: Boolean describing whether all + namespaces are selected in contrast to a + list restricting them. + type: boolean + matchNames: + description: List of namespace names to select + from. + items: + type: string + type: array + type: object + podTargetLabels: + description: '`podTargetLabels` defines the labels + which are transferred from the associated Kubernetes + `Pod` object onto the ingested metrics.' + items: type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + type: array + sampleLimit: + description: '`sampleLimit` defines a per-scrape + limit on the number of scraped samples that + will be accepted.' + format: int64 + type: integer + scrapeClass: + description: The scrape class to apply. + minLength: 1 + type: string + scrapeProtocols: + description: "`scrapeProtocols` defines the protocols + to negotiate during a scrape. It tells clients + the protocols supported by Prometheus in order + of preference (from most to least preferred). + \n If unset, Prometheus uses its default value. + \n It requires Prometheus >= v2.49.0." + items: + description: 'ScrapeProtocol represents a protocol + used by Prometheus for scraping metrics. Supported + values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` + * `PrometheusProto` * `PrometheusText0.0.4`' + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value + type: array + x-kubernetes-list-type: set + selector: + description: Label selector to select the Kubernetes + `Endpoints` objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' + type: object + x-kubernetes-map-type: atomic + targetLabels: + description: '`targetLabels` defines the labels + which are transferred from the associated Kubernetes + `Service` object onto the ingested metrics.' + items: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. 
The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' 
+ type: array + targetLimit: + description: '`targetLimit` defines a limit on + the number of scraped targets that will be accepted.' + format: int64 + type: integer + required: + - selector + type: object + type: object + type: object + type: object + required: + - enabled + type: object + numHistoryShards: + description: NumHistoryShards is the desired number of history shards. + This field is immutable. + format: int32 + minimum: 1 + type: integer + persistence: + description: Persistence defines temporal persistence configuration. + properties: + advancedVisibilityStore: + description: AdvancedVisibilityStore holds the advanced visibility + datastore specs. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. 
+ items: type: string - terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. 
+ type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persistence + spec. Defaults to "default" for default sore, "visibility" + for visibility store, "secondaryVisibility" for secondary + visibility store and "advancedVisibility" for advanced visibility + store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. 
- items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. 
+ description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + gcpServiceAccount: + description: GCPServiceAccount is the service account + to use to authenticate with GCP CloudSQL. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. + enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. 
+ type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + type: object + defaultStore: + description: DefaultStore holds the default datastore specs. + properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. 
+ type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: type: string - required: - - name - type: object - type: array - membershipPort: - description: 'MembershipPort defines a custom membership port - for the service. Default values are: 6933 for Frontend service - 6934 for History service 6935 for Matching service 6939 - for Worker service' - type: integer - overrides: - description: Overrides adds some overrides to the resources - deployed for the service. Those overrides takes precedence - over spec.services.overrides. + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. properties: - deployment: - description: Override configuration for the temporal service - Deployment. + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. 
properties: - metadata: - description: ObjectMetaOverride provides the ability - to override an object metadata. It's a subset of - the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key - value map stored with a resource that may be - set by external tools to store and retrieve - arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values that - can be used to organize and categorize (scope - and select) objects. - type: object - type: object - spec: - description: Specification of the desired behavior - of the Deployment. - properties: - template: - description: Template describes the pods that - will be created. - properties: - metadata: - description: ObjectMetaOverride provides the - ability to override an object metadata. - It's a subset of the fields included in - k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured - key value map stored with a resource - that may be set by external tools to - store and retrieve arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. - type: object - type: object - spec: - description: Specification of the desired - behavior of the pod. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. 
+ type: string + required: + - visibility type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version type: object - port: - description: 'Port defines a custom gRPC port for the service. - Default values are: 7233 for Frontend service 7234 for History - service 7235 for Matching service 7239 for Worker service' - type: integer - replicas: - description: Number of desired replicas for the service. Default - to 1. - format: int32 - minimum: 1 - type: integer - resources: - description: 'Compute Resources required by this service. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persistence + spec. Defaults to "default" for default sore, "visibility" + for visibility store, "secondaryVisibility" for secondary + visibility store and "advancedVisibility" for advanced visibility + store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
- properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: + type: string + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + gcpServiceAccount: + description: GCPServiceAccount is the service account + to use to authenticate with GCP CloudSQL. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. 
+ enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled type: object type: object - internalFrontend: - description: Internal Frontend service custom specifications. - Only compatible with temporal >= 1.20.0 + secondaryVisibilityStore: + description: SecondaryVisibilityStore holds the secondary visibility + datastore specs. Feature only available for clusters >= 1.21.0. properties: - enabled: - default: false - description: Enabled defines if we want to spawn the internal - frontend service. - type: boolean - httpPort: - description: 'HTTPPort defines a custom http port for the - service. Default values are: 7243 for Frontend service' - type: integer - initContainers: - description: InitContainers adds a list of init containers - to the service's deployment. - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. 
Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". 
- Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. 
Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. 
- properties: - containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. 
- Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: type: string - securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. 
Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. 
- type: string - type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. 
- All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. + type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. 
+ type: string + required: + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persistence + spec. Defaults to "default" for default sore, "visibility" + for visibility store, "secondaryVisibility" for secondary + visibility store and "advancedVisibility" for advanced visibility + store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. 
+ properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: type: string - terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + gcpServiceAccount: + description: GCPServiceAccount is the service account + to use to authenticate with GCP CloudSQL. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. 
+ type: integer + pluginName: + description: PluginName is the name of SQL plugin. + enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + type: object + visibilityStore: + description: VisibilityStore holds the visibility datastore specs. 
+ properties: + cassandra: + description: Cassandra holds all connection parameters for + Cassandra datastore. Note that cassandra is now deprecated + for visibility store. + properties: + connectTimeout: + description: ConnectTimeout is a timeout for initial dial + to cassandra server. + type: string + consistency: + description: Consistency configuration. + properties: + consistency: + description: Consistency sets the default consistency + level. Values identical to gocql Consistency values. + (defaults to LOCAL_QUORUM if not set). + enum: + - ANY + - ONE + - TWO + - THREE + - QUORUM + - ALL + - LOCAL_QUORUM + - EACH_QUORUM + - LOCAL_ONE + type: integer + serialConsistency: + description: SerialConsistency sets the consistency + for the serial prtion of queries. Values identical + to gocql SerialConsistency values. (defaults to + LOCAL_SERIAL if not set) + enum: + - SERIAL + - LOCAL_SERIAL + type: integer + type: object + datacenter: + description: Datacenter is the data center filter arg + for cassandra. + type: string + disableInitialHostLookup: + description: DisableInitialHostLookup instructs the gocql + client to connect only using the supplied hosts. + type: boolean + hosts: + description: Hosts is a list of cassandra endpoints. + items: type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. 
- type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. + type: array + keyspace: + description: Keyspace is the cassandra keyspace. + type: string + maxConns: + description: MaxConns is the max number of connections + to this datastore for a single keyspace. 
+ type: integer + port: + description: Port is the cassandra port used for connection + by gocql client. + type: integer + user: + description: User is the cassandra user used for authentication + by gocql client. + type: string + required: + - hosts + - keyspace + - port + - user + type: object + elasticsearch: + description: Elasticsearch holds all connection parameters + for Elasticsearch datastores. + properties: + closeIdleConnectionsInterval: + description: CloseIdleConnectionsInterval is the max duration + a connection stay open while idle. + type: string + enableHealthcheck: + description: EnableHealthcheck enables or disables healthcheck + on the temporal cluster's es client. + type: boolean + enableSniff: + description: EnableSniff enables or disables sniffer on + the temporal cluster's es client. + type: boolean + indices: + description: Indices holds visibility index names. + properties: + secondaryVisibility: + description: SecondaryVisibility defines secondary + visibility's index name. + type: string + visibility: + default: temporal_visibility_v1 + description: Visibility defines visibility's index + name. + type: string + required: + - visibility + type: object + logLevel: + description: LogLevel defines the temporal cluster's es + client logger level. + type: string + url: + description: URL is the connection url to connect to the + instance. + pattern: ^https?:\/\/.+$ + type: string + username: + description: Username is the username to be used for the + connection. + type: string + version: + default: v7 + description: Version defines the elasticsearch version. + pattern: ^v(6|7|8)$ + type: string + required: + - indices + - url + - username + - version + type: object + name: + description: Name is the name of the datastore. It should + be unique and will be referenced within the persistence + spec. 
Defaults to "default" for default sore, "visibility" + for visibility store, "secondaryVisibility" for secondary + visibility store and "advancedVisibility" for advanced visibility + store. + type: string + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + skipCreate: + description: SkipCreate instructs the operator to skip creating + the database for SQL datastores or to skip creating keyspace + for Cassandra. Use this option if your database or keyspace + has already been provisioned by an administrator. + type: boolean + sql: + description: SQL holds all connection parameters for SQL datastores. + properties: + connectAddr: + description: ConnectAddr is the remote addr of the database. + type: string + connectAttributes: + additionalProperties: type: string - required: - - name + description: ConnectAttributes is a set of key-value attributes + to be sent as part of connect data_source_name url + type: object + connectProtocol: + description: ConnectProtocol is the protocol that goes + with the ConnectAddr. + type: string + databaseName: + description: DatabaseName is the name of SQL database + to connect to. + type: string + gcpServiceAccount: + description: GCPServiceAccount is the service account + to use to authenticate with GCP CloudSQL. + type: string + maxConnLifetime: + description: MaxConnLifetime is the maximum time a connection + can be alive + type: string + maxConns: + description: MaxConns the max number of connections to + this datastore. + type: integer + maxIdleConns: + description: MaxIdleConns is the max number of idle connections + to this datastore. + type: integer + pluginName: + description: PluginName is the name of SQL plugin. 
+ enum: + - postgres + - postgres12 + - mysql + - mysql8 + type: string + taskScanPartitions: + description: TaskScanPartitions is the number of partitions + to sequentially scan during ListTaskQueue operations. + type: integer + user: + description: User is the username to be used for the connection. + type: string + required: + - connectAddr + - databaseName + - pluginName + - user + type: object + tls: + description: TLS is an optional option to connect to the datastore + using TLS. + properties: + caFileRef: + description: CaFileRef is a reference to a secret containing + the ca file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + certFileRef: + description: CertFileRef is a reference to a secret containing + the cert file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + enableHostVerification: + description: EnableHostVerification defines if the hostname + should be verified when connecting to the datastore. + type: boolean + enabled: + description: Enabled defines if the cluster should use + a TLS connection to connect to the datastore. + type: boolean + keyFileRef: + description: KeyFileRef is a reference to a secret containing + the key file. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + serverName: + description: ServerName the datastore should present. + type: string + required: + - enableHostVerification + - enabled + type: object + type: object + required: + - defaultStore + - visibilityStore + type: object + services: + description: Services allows customizations for each temporal services + deployment. + properties: + frontend: + description: Frontend service custom specifications. 
+ properties: + httpPort: + description: 'HTTPPort defines a custom http port for the + service. Default values are: 7243 for Frontend service' + type: integer + initContainers: + description: InitContainers adds a list of init containers + to the service's deployment. + items: + description: A single application container that you want + to run within a pod. type: object + x-kubernetes-preserve-unknown-fields: true type: array membershipPort: description: 'MembershipPort defines a custom membership port 
@@ -8699,1425 +2974,194 @@ spec: resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - matching: - description: Matching service custom specifications. - properties: - httpPort: - description: 'HTTPPort defines a custom http port for the - service. Default values are: 7243 for Frontend service' - type: integer - initContainers: - description: InitContainers adds a list of init containers - to the service's deployment. - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. 
More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. 
Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. 
+ additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + history: + description: History service custom specifications. + properties: + httpPort: + description: 'HTTPPort defines a custom http port for the + service. Default values are: 7243 for Frontend service' + type: integer + initContainers: + description: InitContainers adds a list of init containers + to the service's deployment. + items: + description: A single application container that you want + to run within a pod. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + membershipPort: + description: 'MembershipPort defines a custom membership port + for the service. Default values are: 6933 for Frontend service + 6934 for History service 6935 for Matching service 6939 + for Worker service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. properties: - containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. 
- format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. 
- properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + annotations: + additionalProperties: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. 
Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + additionalProperties: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. + type: object type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. 
+ It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. 
This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. 
- This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. 
May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. 
- properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. 
- The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + required: + - name type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. 
Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. 
- properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. - type: string - required: - - name + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + internalFrontend: + description: Internal Frontend service custom specifications. + Only compatible with temporal >= 1.20.0 + properties: + enabled: + default: false + description: Enabled defines if we want to spawn the internal + frontend service. + type: boolean + httpPort: + description: 'HTTPPort defines a custom http port for the + service. Default values are: 7243 for Frontend service' + type: integer + initContainers: + description: InitContainers adds a list of init containers + to the service's deployment. + items: + description: A single application container that you want + to run within a pod. type: object + x-kubernetes-preserve-unknown-fields: true type: array membershipPort: description: 'MembershipPort defines a custom membership port 
@@ -10256,75 +3300,8 @@ spec: type: object type: object type: object - overrides: - description: Overrides adds some overrides to the resources deployed - for all temporal services services. Those overrides can be customized - per service using spec.services..overrides. - properties: - deployment: - description: Override configuration for the temporal service - Deployment. - properties: - metadata: - description: ObjectMetaOverride provides the ability to - override an object metadata. It's a subset of the fields - included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. - type: object - type: object - spec: - description: Specification of the desired behavior of - the Deployment. - properties: - template: - description: Template describes the pods that will - be created. - properties: - metadata: - description: ObjectMetaOverride provides the ability - to override an object metadata. It's a subset - of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. - type: object - labels: - additionalProperties: - type: string - description: Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. - type: object - type: object - spec: - description: Specification of the desired behavior - of the pod. 
- type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - type: object - worker: - description: Worker service custom specifications. + matching: + description: Matching service custom specifications. properties: httpPort: description: 'HTTPPort defines a custom http port for the 
@@ -10336,1398 +3313,228 @@ spec: items: description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. 
- type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. 
- items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. 
If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. 
The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. 
There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
- \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. 
- format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. 
Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + membershipPort: + description: 'MembershipPort defines a custom membership port + for the service. Default values are: 6933 for Frontend service + 6934 for History service 6935 for Matching service 6939 + for Worker service' + type: integer + overrides: + description: Overrides adds some overrides to the resources + deployed for the service. Those overrides takes precedence + over spec.services.overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset of + the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. properties: - containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. 
Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + annotations: + additionalProperties: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' + description: Annotations is an unstructured key + value map stored with a resource that may be + set by external tools to store and retrieve + arbitrary metadata. 
+ type: object + labels: + additionalProperties: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. 
- type: string - required: - - resourceName - - restartPolicy + description: Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. + type: object type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. + spec: + description: Specification of the desired behavior + of the Deployment. + properties: + template: + description: Template describes the pods that + will be created. properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name + metadata: + description: ObjectMetaOverride provides the + ability to override an object metadata. + It's a subset of the fields included in + k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource + that may be set by external tools to + store and retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired + behavior of the pod. 
+ type: object + x-kubernetes-preserve-unknown-fields: true type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + type: object + type: object + port: + description: 'Port defines a custom gRPC port for the service. + Default values are: 7233 for Frontend service 7234 for History + service 7235 for Matching service 7239 for Worker service' + type: integer + replicas: + description: Number of desired replicas for the service. Default + to 1. + format: int32 + minimum: 1 + type: integer + resources: + description: 'Compute Resources required by this service. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. 
AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. 
If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. 
- type: string - type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. 
- All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. 
Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + required: + - name type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. 
Defaults to File. Cannot be - updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + overrides: + description: Overrides adds some overrides to the resources deployed + for all temporal services services. 
Those overrides can be customized + per service using spec.services..overrides. + properties: + deployment: + description: Override configuration for the temporal service + Deployment. + properties: + metadata: + description: ObjectMetaOverride provides the ability to + override an object metadata. It's a subset of the fields + included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. 
- type: string - required: - - mountPath - - name + labels: + additionalProperties: + type: string + description: Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. + type: object + type: object + spec: + description: Specification of the desired behavior of + the Deployment. + properties: + template: + description: Template describes the pods that will + be created. + properties: + metadata: + description: ObjectMetaOverride provides the ability + to override an object metadata. It's a subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. + type: object + labels: + additionalProperties: + type: string + description: Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. + type: object + type: object + spec: + description: Specification of the desired behavior + of the pod. + type: object + x-kubernetes-preserve-unknown-fields: true type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. - type: string - required: - - name + type: object + type: object + type: object + worker: + description: Worker service custom specifications. + properties: + httpPort: + description: 'HTTPPort defines a custom http port for the + service. Default values are: 7243 for Frontend service' + type: integer + initContainers: + description: InitContainers adds a list of init containers + to the service's deployment. + items: + description: A single application container that you want + to run within a pod. 
type: object + x-kubernetes-preserve-unknown-fields: true type: array membershipPort: description: 'MembershipPort defines a custom membership port @@ -11888,7 +3695,7 @@ spec: additionalProperties: type: string description: Annotations allows custom annotations on the - ingress ressource. + ingress resource. type: object hosts: description: Host is the list of host the ingress should use. @@ -12160,7 +3967,7 @@ spec: description: Persistence holds all datastores statuses. properties: advancedVisibilityStore: - description: AdvancedVisibilityStore holds the avanced visibility + description: AdvancedVisibilityStore holds the advanced visibility datastore status. properties: created: @@ -12174,7 +3981,7 @@ spec: description: Setup indicates if tables have been set up. type: boolean type: - description: Type indicates the datastore stype. + description: Type indicates the datastore type. type: string required: - created @@ -12194,7 +4001,7 @@ spec: description: Setup indicates if tables have been set up. type: boolean type: - description: Type indicates the datastore stype. + description: Type indicates the datastore type. type: string required: - created @@ -12215,7 +4022,7 @@ spec: description: Setup indicates if tables have been set up. type: boolean type: - description: Type indicates the datastore stype. + description: Type indicates the datastore type. type: string required: - created @@ -12235,7 +4042,7 @@ spec: description: Setup indicates if tables have been set up. type: boolean type: - description: Type indicates the datastore stype. + description: Type indicates the datastore type. type: string required: - created 
@@ -12504,281 +4311,3 @@ spec: storage: true subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: temporalworkerprocesses.temporal.io -spec: - group: temporal.io - names: - kind: TemporalWorkerProcess - listKind: TemporalWorkerProcessList - plural: temporalworkerprocesses - singular: temporalworkerprocess - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type == 'Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status - name: ReconcileSuccess - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TemporalWorkerProcess is the Schema for the temporalworkerprocesses - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess. - properties: - builder: - description: Builder is the configuration for building a TemporalWorkerProcess. - THIS FEATURE IS HIGHLY EXPERIMENTAL. 
- properties: - attempt: - description: BuildAttempt is the build attempt number of a given - version - format: int32 - type: integer - buildDir: - description: BuildDir is the location of where the sources will - be built. - type: string - buildRegistry: - description: BuildRegistry specifies how to connect to container - registry. - properties: - passwordSecretRef: - description: PasswordSecret is the reference to the secret - holding the docker repo password. - properties: - key: - description: Key in the Secret. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - repository: - description: Repository is the fqdn to the image repo. - type: string - username: - description: Username is the username for the container repo. - type: string - required: - - passwordSecretRef - - repository - - username - type: object - enabled: - description: Enabled defines if the operator should build the - temporal worker process. - type: boolean - gitRepository: - description: GitRepository specifies how to connect to Git source - control. - properties: - reference: - description: Reference specifies the Git reference to resolve - and monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'main' if - no other field is defined. - type: string - type: object - url: - description: URL specifies the Git repository URL, it can - be an HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - required: - - url - type: object - image: - description: Image is the image that will be used to build worker - image. - type: string - version: - description: Version is the version of the image that will be - used to build worker image. - type: string - required: - - enabled - type: object - clusterRef: - description: Reference to the temporal cluster the worker will connect - to. 
- properties: - name: - description: The name of the TemporalCluster to reference. - type: string - namespace: - description: The namespace of the TemporalCluster to reference. - Defaults to the namespace of the requested resource if omitted. - type: string - type: object - image: - description: Image defines the temporal worker docker image the instance - should run. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling temporal images from registries. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jobTtlSecondsAfterFinished: - default: 300 - description: JobTTLSecondsAfterFinished is amount of time to keep - job pods after jobs are completed. Defaults to 300 seconds. - format: int32 - minimum: 1 - type: integer - pullPolicy: - description: Image pull policy for determining how to pull worker - process images. - type: string - replicas: - description: Number of desired replicas. Default to 1. - format: int32 - minimum: 1 - type: integer - temporalNamespace: - description: TemporalNamespace that worker will poll. - type: string - version: - description: Version defines the worker process version. - type: string - required: - - clusterRef - - image - - temporalNamespace - type: object - status: - description: TemporalWorkerProcessStatus defines the observed state of - TemporalWorkerProcess. 
- properties: - attempt: - description: BuildAttempt is the build attempt number of a given version - format: int32 - type: integer - conditions: - description: Conditions represent the latest available observations - of the worker process state. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - created: - description: Created indicates if the worker process image was created. - type: boolean - ready: - description: Ready defines if the worker process is ready. - type: boolean - version: - description: Version is the version of the image that will be used - to build worker image. - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/temporal-operator/templates/manager-rbac.yaml b/charts/temporal-operator/templates/manager-rbac.yaml index 56e4a535..2a189095 100644 --- a/charts/temporal-operator/templates/manager-rbac.yaml +++ b/charts/temporal-operator/templates/manager-rbac.yaml 
@@ -211,32 +211,6 @@ rules:
 - get
 - patch
 - update
-- apiGroups:
- - temporal.io
- resources:
- - temporalworkerprocesses
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - temporal.io
- resources:
- - temporalworkerprocesses/finalizers
- verbs:
- - update
-- apiGroups:
- - temporal.io
- resources:
- - temporalworkerprocesses/status
- verbs:
- - get
- - patch
- - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/charts/temporal-operator/templates/mutating-webhook-configuration.yaml b/charts/temporal-operator/templates/mutating-webhook-configuration.yaml
index fcc3b1da..a6c2d84a 100644
--- a/charts/temporal-operator/templates/mutating-webhook-configuration.yaml
+++ b/charts/temporal-operator/templates/mutating-webhook-configuration.yaml
@@ -26,24 +26,4 @@ webhooks:
 - UPDATE
 resources:
 - temporalclusters
- sideEffects: None
-- admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: '{{ include "temporal-operator.fullname" . }}-webhook-service'
- namespace: '{{ .Release.Namespace }}'
- path: /mutate-temporal-io-v1beta1-temporalworkerprocess
- failurePolicy: Fail
- name: mtemporalworkerprocess.kb.io
- rules:
- - apiGroups:
- - temporal.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - temporalworkerprocesses
 sideEffects: None
\ No newline at end of file
diff --git a/charts/temporal-operator/templates/validating-webhook-configuration.yaml b/charts/temporal-operator/templates/validating-webhook-configuration.yaml
index babf8651..982cb609 100644
--- a/charts/temporal-operator/templates/validating-webhook-configuration.yaml
+++ b/charts/temporal-operator/templates/validating-webhook-configuration.yaml
@@ -26,24 +26,4 @@ webhooks: - UPDATE resources: - temporalclusters - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: '{{ include "temporal-operator.fullname" . }}-webhook-service' - namespace: '{{ .Release.Namespace }}' - path: /validate-temporal-io-v1beta1-temporalworkerprocess - failurePolicy: Fail - name: vtemporalworkerprocess.kb.io - rules: - - apiGroups: - - temporal.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - temporalworkerprocesses sideEffects: None \ No newline at end of file diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index e8dc7939..abf27810 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,4 +4,4 @@ resources: - manager.yaml images: - name: ghcr.io/alexandrevilain/temporal-operator - newTag: v0.17.0 + newTag: v0.18.0 diff --git a/config/manifests/bases/temporal-operator.clusterserviceversion.yaml b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml index a9b72f0e..18597878 100644 --- a/config/manifests/bases/temporal-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml @@ -208,7 +208,7 @@ spec: provider: name: Temporal Community url: https://temporal.io/ - replaces: temporal-operator.v0.16.2 + replaces: temporal-operator.v0.17.0 version: 0.10.0 webhookdefinitions: - admissionReviewVersions: diff --git a/config/manifests/bases/temporal-operator.clusterserviceversion.yaml-e b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml-e new file mode 100644 index 00000000..18597878 --- /dev/null +++ b/config/manifests/bases/temporal-operator.clusterserviceversion.yaml-e 
@@ -0,0 +1,253 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "temporal.io/v1beta1", + "kind": "TemporalCluster", + "metadata": { + "name": "prod", + "namespace": "demo" + }, + "spec": { + "jobTtlSecondsAfterFinished": 300, + "numHistoryShards": 1, + "persistence": { + "defaultStore": { + "passwordSecretRef": { + "key": "PASSWORD", + "name": "postgres-password" + }, + "sql": { + "connectAddr": "postgres.demo.svc.cluster.local:5432", + "connectProtocol": "tcp", + "databaseName": "temporal", + "pluginName": "postgres", + "user": "temporal" + } + }, + "visibilityStore": { + "passwordSecretRef": { + "key": "PASSWORD", + "name": "postgres-password" + }, + "sql": { + "connectAddr": "postgres.demo.svc.cluster.local:5432", + "connectProtocol": "tcp", + "databaseName": "temporal_visibility", + "pluginName": "postgres", + "user": "temporal" + } + } + }, + "ui": { + "enabled": true + "overrides": { + "service": { + "annotations": { + "foo": "bar" + }, + "labels": { + "baz": "baf" + } + } + } + }, + "version": "1.17.4" + } + }, + { + "apiVersion": "temporal.io/v1beta1", + "kind": "TemporalClusterClient", + "metadata": { + "name": "my-worker", + "namespace": "demo" + }, + "spec": { + "clusterRef": { + "name": "prod" + } + } + }, + { + "apiVersion": "temporal.io/v1beta1", + "kind": "TemporalNamespace", + "metadata": { + "name": "accounting" + }, + "spec": { + "clusterRef": { + "name": "prod" + }, + "description": "Accounting team namespace", + "retentionPeriod": "168h" + } + } + ] + capabilities: Seamless Upgrades + categories: Application Runtime, Developer Tools, AI/Machine Learning + containerImage: ghcr.io/alexandrevilain/temporal-operator + operators.operatorframework.io/builder: operator-sdk-v1.23.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + name: temporal-operator.v0.0.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + 
customresourcedefinitions: + owned: + - description: A TemporalClusterClient creates a new mTLS client in the targeted + temporal cluster. + displayName: Temporal Cluster Client + kind: TemporalClusterClient + name: temporalclusterclients.temporal.io + version: v1beta1 + - description: TemporalCluster defines a temporal cluster deployment. + displayName: Temporal Cluster + kind: TemporalCluster + name: temporalclusters.temporal.io + version: v1beta1 + - description: A TemporalNamespace creates a namespace in the targeted temporal + cluster. + displayName: Temporal Namespace + kind: TemporalNamespace + name: temporalnamespaces.temporal.io + version: v1beta1 + description: | + ## Temporal + Temporal is a durable workflow execution environment for applications. The Temporal operator will deploy all required Temporal server services and dependencies. You will need to deploy database, elasticsearch (optional) and prometheus/grafana (optional) separately. Temporal supports native MySQL, PostgreSQL or Cassandra databases. + + ## Quick Setup + Follow these steps to deploy a Temporal cluster instance with a test PostgreSQL database. + + ### Create Demo Namespace +
+    $ kubectl apply -f https://raw.githubusercontent.com/alexandrevilain/temporal-operator/main/examples/cluster-postgres/00-namespace.yaml
+    
+ + ### Deploy PostgreSQL database +
+    $ kubectl apply -f https://raw.githubusercontent.com/alexandrevilain/temporal-operator/main/examples/cluster-postgres/01-postgresql.yaml
+    
+ + ### Create TemporalCluster CustomResource +
+    $ vi temporalcluster.yaml
+    apiVersion: temporal.io/v1beta1
+    kind: TemporalCluster
+    metadata:
+      name: prod
+    spec:
+      jobTtlSecondsAfterFinished: 300
+      numHistoryShards: 512
+      persistence:
+        defaultStore:
+          passwordSecretRef:
+            key: PASSWORD
+            name: postgres-password
+          sql:
+            connectAddr: 'postgres.demo.svc.cluster.local:5432'
+            connectProtocol: tcp
+            databaseName: temporal
+            pluginName: postgres
+            user: temporal
+        visibilityStore:
+          passwordSecretRef:
+            key: PASSWORD
+            name: postgres-password
+          sql:
+            connectAddr: 'postgres.demo.svc.cluster.local:5432'
+            connectProtocol: tcp
+            databaseName: temporal_visibility
+            pluginName: postgres
+            user: temporal
+      ui:
+        enabled: true
+      version: 1.23.0
+    
+ + ### Apply TemporalCluster CustomResource +
+    $ kubectl apply -f temporal.yaml -n demo
+    
+ displayName: Temporal Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + deployments: null + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - durable + - execution + - workflow + - sdk + - application + - distributed + links: + - name: Temporal Operator + url: https://github.com/alexandrevilain/temporal-operator + maintainers: + - email: alexandre.vilain@me.com + name: alexandrevilain + - email: keith.tenzer@temporal.io + name: ktenzer + maturity: alpha + minKubeVersion: 1.22.0 + provider: + name: Temporal Community + url: https://temporal.io/ + replaces: temporal-operator.v0.17.0 + version: 0.10.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: mtemporalc.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalclusters + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-temporal-io-v1beta1-temporalcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: temporal-operator-controller-manager + failurePolicy: Fail + generateName: vtemporalc.kb.io + rules: + - apiGroups: + - temporal.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - temporalclusters + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-temporal-io-v1beta1-temporalcluster
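Review bot: `config/manifests/bases/temporal-operator.clusterserviceversion.yaml-e` looks like a stray backup copy rather than an intended manifest: its index line carries the same blob id (`18597878`) as the updated `temporal-operator.clusterserviceversion.yaml`, so this hunk adds a second, byte-identical ClusterServiceVersion. The `-e` suffix suggests it was left behind by an in-place `sed` during the release step, though the page does not show that step. A duplicate of the webhook definitions, install modes and quick-start commands will drift from the real file and can mislead anyone auditing what the operator ships, so I would drop the file from the commit and add an ignore rule such as `*.yaml-e`. Separately, in the `alm-examples` JSON of this hunk `"enabled": true` is followed by `"overrides"` with no comma, which is not valid JSON; it should read `"enabled": true,`, and given the shared blob id the base file presumably needs the same fix.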