mirror of
https://github.com/clastix/kamaji.git
synced 2026-02-28 16:50:29 +00:00
Compare commits
17 Commits
v0.1.0
...
helm-v0.10
| Author | SHA1 | Date | |
|---|---|---|---|
|
78ef34c9d6 | ||
|
16d8b2d701 | ||
|
|
68764be716 | ||
|
|
b594b598b1 | ||
|
|
c8ce212730 | ||
|
|
714b173132 | ||
|
|
0217d579d6 | ||
|
|
c242f4ac58 | ||
|
|
d4d25a8a05 | ||
|
cff7f7c4e5 | ||
|
|
6c817fd7ab | ||
|
|
d31ada4da6 | ||
|
|
ee01f721d2 | ||
|
912e010363 | ||
|
|
e2b03ca873 | ||
|
dccf7bd540 | ||
|
|
25a65a7496 |
11
Makefile
11
Makefile
@@ -3,7 +3,7 @@
|
||||
# To re-generate a bundle for another specific version without changing the standard setup, you can:
|
||||
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
|
||||
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
|
||||
VERSION ?= 0.1.0
|
||||
VERSION ?= 0.1.1
|
||||
|
||||
# CHANNELS define the bundle channels used in the bundle.
|
||||
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
|
||||
@@ -87,6 +87,10 @@ CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
|
||||
controller-gen: ## Download controller-gen locally if necessary.
|
||||
$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.2)
|
||||
|
||||
GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
|
||||
golangci-lint: ## Download golangci-lint locally if necessary.
|
||||
$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0)
|
||||
|
||||
KUSTOMIZE = $(shell pwd)/bin/kustomize
|
||||
kustomize: ## Download kustomize locally if necessary.
|
||||
$(call install-kustomize,$(KUSTOMIZE),3.8.7)
|
||||
@@ -105,6 +109,9 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
|
||||
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
|
||||
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
|
||||
|
||||
golint: golangci-lint ## Linting the code according to the styling guide.
|
||||
$(GOLANGCI_LINT) run -c .golangci.yml
|
||||
|
||||
test:
|
||||
go test ./... -coverprofile cover.out
|
||||
|
||||
@@ -253,4 +260,4 @@ e2e: env load helm ginkgo ## Create a KinD cluster, install Kamaji on it and run
|
||||
##@ Document
|
||||
|
||||
apidoc: apidocs-gen
|
||||
$(APIDOCS_GEN) crdoc --resources config/crd/bases --output docs/apireference.md --template docs/templates/reference-cr.tmpl
|
||||
$(APIDOCS_GEN) crdoc --resources config/crd/bases --output docs/content/reference/api.md --template docs/templates/reference-cr.tmpl
|
||||
|
||||
58
README.md
58
README.md
@@ -20,39 +20,14 @@ Global hyper-scalers are leading the Managed Kubernetes space, while other cloud
|
||||
**Kamaji** aims to solve these pains by leveraging multi-tenancy and simplifying how to run multiple control planes on the same infrastructure with a fraction of the operational burden.
|
||||
|
||||
## How it works
|
||||
Kamaji turns any Kubernetes cluster into an _“admin cluster”_ to orchestrate other Kubernetes clusters called _“tenant clusters”_. What makes Kamaji special is that Control Planes of _“tenant clusters”_ are just regular pods running in the _“admin cluster”_ instead of dedicated Virtual Machines. This solution makes running control planes at scale cheaper and easier to deploy and operate. View [Core Concepts](./docs/concepts.md) for a deeper understanding of principles behind Kamaji's design.
|
||||
Kamaji turns any Kubernetes cluster into an _“admin cluster”_ to orchestrate other Kubernetes clusters called _“tenant clusters”_. What makes Kamaji special is that Control Planes of _“tenant clusters”_ are just regular pods running in the _“admin cluster”_ instead of dedicated Virtual Machines. This solution makes running control planes at scale cheaper and easier to deploy and operate.
|
||||
|
||||
<p align="center">
|
||||
<img src="assets/kamaji-light.png#gh-light-mode-only" />
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
<img src="assets/kamaji-dark.png#gh-dark-mode-only" />
|
||||
</p>
|
||||
|
||||
All the tenant clusters built with Kamaji are fully compliant CNCF Kubernetes clusters and are compatible with the standard Kubernetes toolchains everybody knows and loves.
|
||||
|
||||
<p align="center">
|
||||
<img src="assets/screenshot.png" />
|
||||
</p>
|
||||
|
||||
|
||||
|
||||
## Getting started
|
||||
|
||||
Please refer to the [Getting Started guide](./docs/getting-started-with-kamaji.md) to deploy a minimal setup of Kamaji on KinD.
|
||||
|
||||
> This project is still in the early development stage which means it's not ready for production as APIs, commands, flags, etc. are subject to change, but also that your feedback can still help to shape it. Please try it out and let us know what you like, dislike, what works, what doesn't, etc.
|
||||
|
||||
## Use cases
|
||||
Kamaji project has been initially started as a solution for actual and common problems such as minimizing the Total Cost of Ownership while running Kubernetes at large scale. However, it can open a wider range of use cases.
|
||||
|
||||
Here are a few:
|
||||
|
||||
- **Managed Kubernetes:** enable companies to provide Cloud Native Infrastructure with ease by introducing a strong separation of concerns between management and workloads. Centralize clusters management, monitoring, and observability by leaving developers to focus on applications, increase productivity and reduce operational costs.
|
||||
- **Kubernetes as a Service:** provide Kubernetes clusters in a self-service fashion by running management and workloads on different infrastructures with the option of Bring Your Own Device, BYOD.
|
||||
- **Control Plane as a Service:** provide multiple Kubernetes control planes running on top of a single Kubernetes cluster. Tenants who use namespaces based isolation often still need access to cluster wide resources like Cluster Roles, Admission Webhooks, or Custom Resource Definitions.
|
||||
- **Edge Computing:** distribute Kubernetes workloads across edge computing locations without having to manage multiple clusters across various providers. Centralize management of hundreds of control planes while leaving workloads to run isolated on their own dedicated infrastructure.
|
||||
- **Cluster Simulation:** check new Kubernetes API or experimental flag or a new tool without impacting production operations. Kamaji will let you simulate such things in a safe and controlled environment.
|
||||
- **Workloads Testing:** check the behaviour of your workloads on different and multiple versions of Kubernetes with ease by deploying multiple Control Planes in a single cluster.
|
||||
Please refer to the [Getting Started guide](https://kamaji.clastix.io/getting-started/) to deploy a minimal setup of Kamaji on KinD.
|
||||
|
||||
## Features
|
||||
|
||||
@@ -80,31 +55,10 @@ Here are a few:
|
||||
|
||||
|
||||
## Documentation
|
||||
Please, check the project's [documentation](./docs/) for getting started with Kamaji.
|
||||
Please, check the project's [documentation](https://kamaji.clastix.io/) for getting started with Kamaji.
|
||||
|
||||
## Contributions
|
||||
Kamaji is Open Source with Apache 2 license and any contribution is welcome.
|
||||
|
||||
## Community
|
||||
Join the [Kubernetes Slack Workspace](https://slack.k8s.io/) and the [`#kamaji`](https://kubernetes.slack.com/archives/C03GLTTMWNN) channel to meet end-users and contributors.
|
||||
|
||||
## FAQs
|
||||
Q. What does Kamaji means?
|
||||
|
||||
A. Kamaji is named as the character _Kamaji_ from the Japanese movie [_Spirited Away_](https://en.wikipedia.org/wiki/Spirited_Away).
|
||||
|
||||
Q. Is Kamaji another Kubernetes distribution?
|
||||
|
||||
A. No, Kamaji is a Kubernetes Operator you can install on top of any Kubernetes cluster to provide hundreds of managed Kubernetes clusters as a service. We tested Kamaji on vanilla Kubernetes 1.22+, KinD, and Azure AKS. We expect it to work smoothly on other Kubernetes distributions. The tenant clusters made with Kamaji are conformant CNCF Kubernetes clusters as we leverage on [`kubeadm`](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/).
|
||||
|
||||
Q. Is it safe to run Kubernetes control plane components in a pod instead of dedicated virtual machines?
|
||||
|
||||
A. Yes, the tenant control plane components are packaged in the same way they are running in bare metal or virtual nodes. We leverage the `kubeadm` code to set up the control plane components as they were running on their own server. The unchanged images of upstream `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager` are used.
|
||||
|
||||
Q. You already provide a Kubernetes multi-tenancy solution with [Capsule](https://capsule.clastix.io). Why does Kamaji matter?
|
||||
|
||||
A. A multi-tenancy solution, like Capsule shares the Kubernetes control plane among all tenants keeping tenant namespaces isolated by policies. While the solution is the right choice by balancing between features and ease of usage, there are cases where a tenant user requires access to the control plane, for example, when a tenant requires to manage CRDs on his own. With Kamaji, you can provide cluster admin permissions to the tenant.
|
||||
|
||||
Q. Well you convinced me, how to get a try?
|
||||
|
||||
A. It is possible to get started with Kamaji on a laptop with [KinD](./docs/getting-started-with-kamaji.md) installed.
|
||||
Join the [Kubernetes Slack Workspace](https://slack.k8s.io/) and the [`#kamaji`](https://kubernetes.slack.com/archives/C03GLTTMWNN) channel to meet end-users and contributors.
|
||||
@@ -85,6 +85,16 @@ type ControlPlaneComponentsResources struct {
|
||||
type DeploymentSpec struct {
|
||||
// +kubebuilder:default=2
|
||||
Replicas int32 `json:"replicas,omitempty"`
|
||||
// NodeSelector is a selector which must be true for the pod to fit on a node.
|
||||
// Selector which must match a node's labels for the pod to be scheduled on that node.
|
||||
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
|
||||
// If specified, the Tenant Control Plane pod's tolerations.
|
||||
// More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
|
||||
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
|
||||
// If specified, the Tenant Control Plane pod's scheduling constraints.
|
||||
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/
|
||||
Affinity *corev1.Affinity `json:"affinity,omitempty"`
|
||||
// TopologySpreadConstraints describes how the Tenant Control Plane pods ought to spread across topology
|
||||
// domains. Scheduler will schedule pods in a way which abides by the constraints.
|
||||
// In case of nil underlying LabelSelector, the Kamaji one for the given Tenant Control Plane will be used.
|
||||
|
||||
@@ -521,6 +521,25 @@ func (in *DataStoreStatus) DeepCopy() *DataStoreStatus {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
|
||||
*out = *in
|
||||
if in.NodeSelector != nil {
|
||||
in, out := &in.NodeSelector, &out.NodeSelector
|
||||
*out = make(map[string]string, len(*in))
|
||||
for key, val := range *in {
|
||||
(*out)[key] = val
|
||||
}
|
||||
}
|
||||
if in.Tolerations != nil {
|
||||
in, out := &in.Tolerations, &out.Tolerations
|
||||
*out = make([]v1.Toleration, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.Affinity != nil {
|
||||
in, out := &in.Affinity, &out.Affinity
|
||||
*out = new(v1.Affinity)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.TopologySpreadConstraints != nil {
|
||||
in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints
|
||||
*out = make([]v1.TopologySpreadConstraint, len(*in))
|
||||
|
||||
1
assets/kamaji-logo.svg
Normal file
1
assets/kamaji-logo.svg
Normal file
@@ -0,0 +1 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" role="img" viewBox="11.85 8.10 202.80 187.55"><title>Kamaji</title><path d="M32.1 13.7c-2.4.9-6.3 3.5-8.6 5.8-7.7 7.7-7.5 5-7.5 82.5 0 77.4-.2 74.8 7.5 82.5 7.7 7.8 4.2 7.5 90 7.5s82.3.3 90-7.5c7.7-7.7 7.5-5.1 7.5-82.5s.2-74.8-7.5-82.5c-7.8-7.8-4.1-7.5-90.4-7.4-66.7 0-77.2.3-81 1.6zm160.5 9.9c1.9.9 4.4 3.1 5.7 4.8l2.2 3.1v141l-2.2 3.1c-4.8 6.7-1.1 6.4-84.8 6.4s-80 .3-84.8-6.4l-2.2-3.1v-141l2.2-3.1c4.8-6.6.8-6.4 84.6-6.4 68 0 76.3.2 79.3 1.6z"/><path d="M90.1 33.7c-5.1 2.5-7.3 6.7-6.8 13.1.3 4.1 1 5.9 3.3 8.4s2.5 3 .9 2.3c-2-.7-25.1-4.6-29-4.9-1.1 0-2 .5-2 1.4 0 1.1-1.2 1.5-4.9 1.5-6.7 0-6.8 1.9-.4 4 8.2 2.7 9 3.4 3.3 3.5-5.3 0-8.2 1.1-7.1 2.8.7 1.2-2.7 2.2-8.1 2.2-7 0-6.5 2.4 1.1 5.1l3.9 1.4-2.9.5c-4.3.8-3.2 2.3 2.8 4.1l5.3 1.5-5.2 2.7c-8.2 4.2-8.3 5.8-.4 6.1 5.6.2 7.3 1.1 4.2 2.1-2.3.7-2.8 3.1-.9 3.7.7.3-.5 2-2.8 4-5.6 5.3-4 6.4 6.2 4.5 4.4-.8 8.1-1.3 8.3-1.2.2.2-1.3 2.4-3.3 4.8-2 2.4-3.6 4.7-3.6 5.2 0 .4 1.4.5 3 .3 2.9-.4 4 .5 2 1.7-.5.3-1 1.3-1 2.2 0 1.6 2.2 1.5 6.5-.3 1.7-.7 1.6-.2-.9 3-5.4 7.2.7 6.5 13.6-1.4 2.7-1.7 5.1-3 5.4-3 .3 0-.9 2.1-2.7 4.6-4.5 6.6-2.5 7.9 3.7 2.3 4.6-4.3 4.7-4.3 3-1.2-1.9 3.8-2.1 5.6-.4 5.1.6-.2 7.1-7.1 14.3-15.4 7.2-8.2 13.7-14.9 14.5-14.9.8 0 7.3 6.7 14.6 15 7.2 8.2 13.7 15.1 14.3 15.3 1.6.5 1.4-1.4-.5-5-1.6-3.2-1.6-3.2 3.2 1 6 5.1 7.8 4 3.5-2.2-1.8-2.5-3-4.6-2.7-4.6.3 0 2.7 1.3 5.4 3 12.9 7.9 19 8.6 13.6 1.4-2.5-3.2-2.6-3.7-.9-3 5.9 2.5 7.7 1.7 5.6-2.3-.9-1.5-.6-1.7 2-1.3 3.8.6 3.7-.5-.7-5.7-2-2.3-3.5-4.4-3.2-4.6.2-.2 2.1 0 4.3.4 13.9 3 16.4 1.8 9.8-4.3-2.1-1.9-3.2-3.6-2.5-3.6 2 0 1.4-2.8-.9-3.5-3.2-1-1.3-2 4.2-2.1 7.9-.2 7.8-1.9-.4-6.1l-5.2-2.7 5.4-1.6c6.4-1.8 7.9-4 2.9-4.1h-3.3l3.9-1.5c7.3-2.6 8.4-5.4 2.2-5.4-5.1 0-9.6-1.1-9-2.2 1.1-1.7-1.8-2.8-7.1-2.8-5.7-.1-4.9-.8 3.3-3.5 6.4-2.1 6.3-4-.4-4-3.7 0-4.9-.4-4.9-1.5 0-.9-.9-1.4-2-1.4-3.9.3-27 4.2-29 4.9-1.6.7-1.4.2.9-2.3 3.7-4 4.7-11.3 2.2-16.1-4.8-9.2-18.8-9.3-23.8 0-4.4 8.3.2 18.4 9.5 20.5 3 .6 2.8.8-5.5 4l-8.8 3.3-8.7-3.3c-8.1-3.2-8.4-3.4-5.5-4.1 1.7-.3 4.3-1.5 5.7-2.7 13.1-10.3.6-30.4-14.4-23.1zm77.6 98.4c-3.6 2.1-.8 7.7 3.2 6.4 2.1-.6 3.5-3.1 2.5-4.6-1.1-1.8-4-2.7-5.7-1.8zm8.3 3.9c0 1.9.5 2.1 6.3 1.8 4.7-.2 6.2-.7 6.2-1.8s-1.5-1.6-6.2-1.8c-5.8-.3-6.3-.1-6.3 1.8zm-135.6.3c-.2.7-.3 7.4-.2 14.8l.3 13.4 3.3.3c3.1.3 3.2.2 3.2-3.4 0-2.5.7-4.6 2.1-6l2.1-2.3 5 6c3.9 4.7 5.6 5.9 7.8 5.9 1.6 0 3.1-.3 3.3-.8.3-.4-2.1-4-5.4-8.1-3.2-4-5.9-7.6-5.9-8 0-.4 2.5-3.1 5.5-6.1 3-3 5.5-5.8 5.5-6.2 0-.4-1.5-.8-3.3-.8-2.8 0-4.4 1-9.6 6.5-3.5 3.6-6.5 6.5-6.7 6.5-.2 0-.4-2.9-.4-6.5V135h-3c-1.7 0-3.3.6-3.6 1.3zm31.2 7c-1.1.8-1.5 1.9-1 3 .5 1.4 1.3 1.6 4 1.1 4.2-.8 8.4.2 8.4 2 0 .8-1.8 1.5-5.1 1.9-6 .7-8.9 2.9-8.9 6.6 0 3.2.8 4.4 3.7 6 2.9 1.5 5.2 1.4 8.6-.3 2.3-1.3 2.7-1.3 2.7 0 0 .9 1.1 1.4 3 1.4h3v-8.6c0-8.1-.1-8.7-2.9-11.5-2.5-2.5-3.7-2.9-8.3-2.9-3 0-6.2.6-7.2 1.3zm11.2 13.9c-.2 1.7-1.1 2.4-3.2 2.6-3.3.4-5.1-1-4.3-3.2.4-1.1 1.9-1.6 4.2-1.6 3.2 0 3.6.3 3.3 2.2zm13.4-4l.3 11.3h6l.5-7.8c.5-7.6 1.5-9.6 4.7-9.7 3 0 4.3 3.2 4.3 10.6v7.4h3c3 0 3 0 3-5.9 0-7.3 1.2-10.7 4.1-11.6 3.8-1.3 5.9 2.5 5.9 10.6v6.9h6v-9c0-8.3-.2-9.3-2.5-11.5-2.9-3-9.8-3.5-12.7-.8-1.7 1.5-1.9 1.5-3.6 0-2.2-2-9.2-2.3-11.1-.5-1.1 1-1.4 1-1.8 0-.3-.6-1.8-1.2-3.4-1.2h-3l.3 11.2zm45.4-9.9c-1.1.8-1.5 1.9-1 3 .5 1.4 1.3 1.6 4 1.1 4.2-.8 8.4.2 8.4 2 0 .8-1.8 1.5-5.1 1.9-6 .7-8.9 2.9-8.9 6.6 0 3.2.8 4.4 3.7 6 2.9 1.5 5.2 1.4 8.6-.3 2.3-1.3 2.7-1.3 2.7 0 0 .9 1.1 1.4 3 1.4h3v-8.6c0-8.1-.1-8.7-2.9-11.5-2.5-2.5-3.7-2.9-8.3-2.9-3 0-6.2.6-7.2 1.3zm11.2 13.9c-.2 1.7-1.1 2.4-3.2 2.6-3.3.4-5.1-1-4.3-3.2.4-1.1 1.9-1.6 4.2-1.6 3.2 0 3.6.3 3.3 2.2zm13-2.5c-.3 12.8-.3 12.8-2.7 12.8-1.5 0-2.7.8-3.1 2-2 5.4 9.4 4.3 11.9-1.2.6-1.3 1.1-7.7 1.1-14.3v-12h-6.9l-.3 12.7zm13.4-1.5l.3 11.3h6v-22l-3.3-.3-3.3-.3.3 11.3z"/></svg>
|
||||
|
After Width: | Height: | Size: 3.6 KiB |
@@ -1,37 +1,26 @@
|
||||
apiVersion: v2
|
||||
name: kamaji
|
||||
description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.9.2
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: v0.1.0
|
||||
|
||||
appVersion: v0.1.1
|
||||
description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service
|
||||
with a fraction of the operational burden. With Kamaji, you can deploy and operate
|
||||
hundreds of Kubernetes clusters as a hyper-scaler.
|
||||
home: https://github.com/clastix/kamaji
|
||||
sources: ["https://github.com/clastix/kamaji"]
|
||||
kubeVersion: ">=1.18"
|
||||
icon: https://github.com/clastix/kamaji/raw/master/assets/kamaji-logo.png
|
||||
kubeVersion: ">=1.21.0-0"
|
||||
maintainers:
|
||||
- email: iam@mendrugory.com
|
||||
name: Gonzalo Gabriel Jiménez Fuentes
|
||||
- email: dario@tranchitella.eu
|
||||
name: Dario Tranchitella
|
||||
- email: me@maxgio.it
|
||||
name: Massimiliano Giovagnoli
|
||||
- email: me@bsctl.io
|
||||
name: Adriano Pezzuto
|
||||
- email: iam@mendrugory.com
|
||||
name: Gonzalo Gabriel Jiménez Fuentes
|
||||
name: kamaji
|
||||
sources:
|
||||
- https://github.com/clastix/kamaji
|
||||
type: application
|
||||
version: 0.10.2
|
||||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/release-name: kamaji
|
||||
catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# kamaji
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
|
||||
|
||||
@@ -8,10 +8,10 @@ Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Gonzalo Gabriel Jiménez Fuentes | <iam@mendrugory.com> | |
|
||||
| Dario Tranchitella | <dario@tranchitella.eu> | |
|
||||
| Massimiliano Giovagnoli | <me@maxgio.it> | |
|
||||
| Adriano Pezzuto | <me@bsctl.io> | |
|
||||
| Gonzalo Gabriel Jiménez Fuentes | <iam@mendrugory.com> | |
|
||||
|
||||
## Source Code
|
||||
|
||||
@@ -19,7 +19,7 @@ Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.18`
|
||||
Kubernetes: `>=1.21.0-0`
|
||||
|
||||
[Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster.
|
||||
This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`.
|
||||
|
||||
30
charts/kamaji/app-readme.md
Normal file
30
charts/kamaji/app-readme.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# Kamaji - Managed Kubernetes Service
|
||||
|
||||
Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden.
|
||||
|
||||
Useful links:
|
||||
- [Kamaji Github repository](https://github.com/clastix/kamaji)
|
||||
- [Kamaji Documentation](https://github.com/clastix/kamaji/docs/)
|
||||
|
||||
## Requirements
|
||||
|
||||
* Kubernetes v1.22+
|
||||
* Helm v3
|
||||
|
||||
# Installation
|
||||
|
||||
To install the Chart with the release name `kamaji`:
|
||||
|
||||
helm upgrade --install --namespace kamaji-system --create-namespace clastix/kamaji
|
||||
|
||||
Show the status:
|
||||
|
||||
helm status kamaji -n kamaji-system
|
||||
|
||||
Upgrade the Chart
|
||||
|
||||
helm upgrade kamaji -n kamaji-system clastix/kamaji
|
||||
|
||||
Uninstall the Chart
|
||||
|
||||
helm uninstall kamaji -n kamaji-system
|
||||
@@ -171,6 +171,909 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
affinity:
|
||||
description: 'If specified, the Tenant Control Plane pod''s
|
||||
scheduling constraints. More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/'
|
||||
properties:
|
||||
nodeAffinity:
|
||||
description: Describes node affinity scheduling rules
|
||||
for the pod.
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements
|
||||
of this field and adding "weight" to the sum if
|
||||
the node matches the corresponding matchExpressions;
|
||||
the node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: An empty preferred scheduling term
|
||||
matches all objects with implicit weight 0 (i.e.
|
||||
it's a no-op). A null preferred scheduling term
|
||||
matches no objects (i.e. is also a no-op).
|
||||
properties:
|
||||
preference:
|
||||
description: A node selector term, associated
|
||||
with the corresponding weight.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
weight:
|
||||
description: Weight associated with matching
|
||||
the corresponding nodeSelectorTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- preference
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
affinity requirements specified by this field cease
|
||||
to be met at some point during pod execution (e.g.
|
||||
due to an update), the system may or may not try
|
||||
to eventually evict the pod from its node.
|
||||
properties:
|
||||
nodeSelectorTerms:
|
||||
description: Required. A list of node selector
|
||||
terms. The terms are ORed.
|
||||
items:
|
||||
description: A null or empty node selector term
|
||||
matches no objects. The requirements of them
|
||||
are ANDed. The TopologySelectorTerm type implements
|
||||
a subset of the NodeSelectorTerm.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: array
|
||||
required:
|
||||
- nodeSelectorTerms
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
podAffinity:
|
||||
description: Describes pod affinity scheduling rules (e.g.
|
||||
co-locate this pod in the same node, zone, etc. as some
|
||||
other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements
|
||||
of this field and adding "weight" to the sum if
|
||||
the node has pods which matches the corresponding
|
||||
podAffinityTerm; the node(s) with the highest sum
|
||||
are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred
|
||||
node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term,
|
||||
associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of
|
||||
resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set
|
||||
of namespaces that the term applies to.
|
||||
The term is applied to the union of the
|
||||
namespaces selected by this field and
|
||||
the ones listed in the namespaces field.
|
||||
null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An
|
||||
empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static
|
||||
list of namespace names that the term
|
||||
applies to. The term is applied to the
|
||||
union of the namespaces listed in this
|
||||
field and the ones selected by namespaceSelector.
|
||||
null or empty namespaces list and null
|
||||
namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity)
|
||||
with the pods matching the labelSelector
|
||||
in the specified namespaces, where co-located
|
||||
is defined as running on a node whose
|
||||
value of the label with key topologyKey
|
||||
matches that of any node on which any
|
||||
of the selected pods is running. Empty
|
||||
topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching
|
||||
the corresponding podAffinityTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
affinity requirements specified by this field cease
|
||||
to be met at some point during pod execution (e.g.
|
||||
due to a pod label update), the system may or may
|
||||
not try to eventually evict the pod from its node.
|
||||
When there are multiple elements, the lists of nodes
|
||||
corresponding to each podAffinityTerm are intersected,
|
||||
i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those
|
||||
matching the labelSelector relative to the given
|
||||
namespace(s)) that this pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity) with,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the
|
||||
set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces
|
||||
that the term applies to. The term is applied
|
||||
to the union of the namespaces selected by
|
||||
this field and the ones listed in the namespaces
|
||||
field. null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An empty
|
||||
selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list
|
||||
of namespace names that the term applies to.
|
||||
The term is applied to the union of the namespaces
|
||||
listed in this field and the ones selected
|
||||
by namespaceSelector. null or empty namespaces
|
||||
list and null namespaceSelector means "this
|
||||
pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the
|
||||
pods matching the labelSelector in the specified
|
||||
namespaces, where co-located is defined as
|
||||
running on a node whose value of the label
|
||||
with key topologyKey matches that of any node
|
||||
on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
podAntiAffinity:
|
||||
description: Describes pod anti-affinity scheduling rules
|
||||
(e.g. avoid putting this pod in the same node, zone,
|
||||
etc. as some other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the anti-affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling anti-affinity
|
||||
expressions, etc.), compute a sum by iterating through
|
||||
the elements of this field and adding "weight" to
|
||||
the sum if the node has pods which matches the corresponding
|
||||
podAffinityTerm; the node(s) with the highest sum
|
||||
are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred
|
||||
node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term,
|
||||
associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of
|
||||
resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set
|
||||
of namespaces that the term applies to.
|
||||
The term is applied to the union of the
|
||||
namespaces selected by this field and
|
||||
the ones listed in the namespaces field.
|
||||
null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An
|
||||
empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static
|
||||
list of namespace names that the term
|
||||
applies to. The term is applied to the
|
||||
union of the namespaces listed in this
|
||||
field and the ones selected by namespaceSelector.
|
||||
null or empty namespaces list and null
|
||||
namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity)
|
||||
with the pods matching the labelSelector
|
||||
in the specified namespaces, where co-located
|
||||
is defined as running on a node whose
|
||||
value of the label with key topologyKey
|
||||
matches that of any node on which any
|
||||
of the selected pods is running. Empty
|
||||
topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching
|
||||
the corresponding podAffinityTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the anti-affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
anti-affinity requirements specified by this field
|
||||
cease to be met at some point during pod execution
|
||||
(e.g. due to a pod label update), the system may
|
||||
or may not try to eventually evict the pod from
|
||||
its node. When there are multiple elements, the
|
||||
lists of nodes corresponding to each podAffinityTerm
|
||||
are intersected, i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those
|
||||
matching the labelSelector relative to the given
|
||||
namespace(s)) that this pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity) with,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the
|
||||
set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces
|
||||
that the term applies to. The term is applied
|
||||
to the union of the namespaces selected by
|
||||
this field and the ones listed in the namespaces
|
||||
field. null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An empty
|
||||
selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list
|
||||
of namespace names that the term applies to.
|
||||
The term is applied to the union of the namespaces
|
||||
listed in this field and the ones selected
|
||||
by namespaceSelector. null or empty namespaces
|
||||
list and null namespaceSelector means "this
|
||||
pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the
|
||||
pods matching the labelSelector in the specified
|
||||
namespaces, where co-located is defined as
|
||||
running on a node whose value of the label
|
||||
with key topologyKey matches that of any node
|
||||
on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
extraArgs:
|
||||
description: ExtraArgs allows adding additional arguments
|
||||
to the Control Plane components, such as kube-apiserver,
|
||||
@@ -195,6 +1098,14 @@ spec:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
nodeSelector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'NodeSelector is a selector which must be true
|
||||
for the pod to fit on a node. Selector which must match
|
||||
a node''s labels for the pod to be scheduled on that node.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
||||
type: object
|
||||
replicas:
|
||||
default: 2
|
||||
format: int32
|
||||
@@ -289,6 +1200,49 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
tolerations:
|
||||
description: 'If specified, the Tenant Control Plane pod''s
|
||||
tolerations. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/'
|
||||
items:
|
||||
description: The pod this Toleration is attached to tolerates
|
||||
any taint that matches the triple <key,value,effect> using
|
||||
the matching operator <operator>.
|
||||
properties:
|
||||
effect:
|
||||
description: Effect indicates the taint effect to match.
|
||||
Empty means match all taint effects. When specified,
|
||||
allowed values are NoSchedule, PreferNoSchedule and
|
||||
NoExecute.
|
||||
type: string
|
||||
key:
|
||||
description: Key is the taint key that the toleration
|
||||
applies to. Empty means match all taint keys. If the
|
||||
key is empty, operator must be Exists; this combination
|
||||
means to match all values and all keys.
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents a key's relationship
|
||||
to the value. Valid operators are Exists and Equal.
|
||||
Defaults to Equal. Exists is equivalent to wildcard
|
||||
for value, so that a pod can tolerate all taints of
|
||||
a particular category.
|
||||
type: string
|
||||
tolerationSeconds:
|
||||
description: TolerationSeconds represents the period
|
||||
of time the toleration (which must be of effect NoExecute,
|
||||
otherwise this field is ignored) tolerates the taint.
|
||||
By default, it is not set, which means tolerate the
|
||||
taint forever (do not evict). Zero and negative values
|
||||
will be treated as 0 (evict immediately) by the system.
|
||||
format: int64
|
||||
type: integer
|
||||
value:
|
||||
description: Value is the taint value the toleration
|
||||
matches to. If the operator is Exists, the value should
|
||||
be empty, otherwise just a regular string.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
topologySpreadConstraints:
|
||||
description: TopologySpreadConstraints describes how the Tenant
|
||||
Control Plane pods ought to spread across topology domains.
|
||||
|
||||
@@ -6,6 +6,10 @@ metadata:
|
||||
{{- include "etcd.labels" . | nindent 4 }}
|
||||
name: {{ include "etcd.csrConfigMapName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "-5"
|
||||
"helm.sh/hook-delete-policy": "hook-succeeded,hook-failed"
|
||||
data:
|
||||
ca-csr.json: |-
|
||||
{
|
||||
|
||||
@@ -18,35 +18,13 @@ spec:
|
||||
serviceAccountName: {{ include "etcd.serviceAccountName" . }}
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: cfssl
|
||||
image: cfssl/cfssl:latest
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- |-
|
||||
cfssl gencert -initca /csr/ca-csr.json | cfssljson -bare /certs/ca &&
|
||||
mv /certs/ca.pem /certs/ca.crt && mv /certs/ca-key.pem /certs/ca.key &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/peer-csr.json | cfssljson -bare /certs/peer &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/server-csr.json | cfssljson -bare /certs/server &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=client-authentication /csr/root-client-csr.json | cfssljson -bare /certs/root-client
|
||||
volumeMounts:
|
||||
- mountPath: /certs
|
||||
name: certs
|
||||
- mountPath: /csr
|
||||
name: csr
|
||||
- name: kubectl
|
||||
image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |-
|
||||
kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem &&
|
||||
kubectl --namespace={{ .Release.Namespace }} rollout status sts/etcd --timeout=300s
|
||||
volumeMounts:
|
||||
- mountPath: /certs
|
||||
name: certs
|
||||
containers:
|
||||
- command:
|
||||
- bash
|
||||
@@ -82,10 +60,7 @@ spec:
|
||||
- name: root-certs
|
||||
secret:
|
||||
secretName: {{ include "etcd.clientSecretName" . }}
|
||||
optional: true
|
||||
- name: csr
|
||||
configMap:
|
||||
name: {{ include "etcd.csrConfigMapName" . }}
|
||||
- name: certs
|
||||
emptyDir: {}
|
||||
secret:
|
||||
secretName: {{ include "etcd.caSecretName" . }}
|
||||
{{- end }}
|
||||
|
||||
60
charts/kamaji/templates/etcd_job_preinstall.yaml
Normal file
60
charts/kamaji/templates/etcd_job_preinstall.yaml
Normal file
@@ -0,0 +1,60 @@
|
||||
{{- if .Values.etcd.deploy }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "etcd.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "-5"
|
||||
"helm.sh/hook-delete-policy": "hook-succeeded"
|
||||
name: "{{ .Release.Name }}-etcd-certs"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}"
|
||||
spec:
|
||||
serviceAccountName: {{ include "etcd.serviceAccountName" . }}
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: cfssl
|
||||
image: cfssl/cfssl:latest
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- |-
|
||||
cfssl gencert -initca /csr/ca-csr.json | cfssljson -bare /certs/ca &&
|
||||
mv /certs/ca.pem /certs/ca.crt && mv /certs/ca-key.pem /certs/ca.key &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/peer-csr.json | cfssljson -bare /certs/peer &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/server-csr.json | cfssljson -bare /certs/server &&
|
||||
cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=client-authentication /csr/root-client-csr.json | cfssljson -bare /certs/root-client
|
||||
volumeMounts:
|
||||
- mountPath: /certs
|
||||
name: certs
|
||||
- mountPath: /csr
|
||||
name: csr
|
||||
containers:
|
||||
- name: kubectl
|
||||
image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |-
|
||||
kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
|
||||
volumeMounts:
|
||||
- mountPath: /certs
|
||||
name: certs
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
volumes:
|
||||
- name: csr
|
||||
configMap:
|
||||
name: {{ include "etcd.csrConfigMapName" . }}
|
||||
- name: certs
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
@@ -5,6 +5,9 @@ metadata:
|
||||
labels:
|
||||
{{- include "etcd.labels" . | nindent 4 }}
|
||||
name: etcd-gen-certs-role
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "-5"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
@@ -38,6 +41,9 @@ metadata:
|
||||
{{- include "etcd.labels" . | nindent 4 }}
|
||||
name: etcd-gen-certs-rolebiding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "-5"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
|
||||
@@ -5,5 +5,8 @@ metadata:
|
||||
labels:
|
||||
{{- include "etcd.labels" . | nindent 4 }}
|
||||
name: {{ include "etcd.serviceAccountName" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "-5"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
||||
@@ -171,6 +171,909 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
affinity:
|
||||
description: 'If specified, the Tenant Control Plane pod''s
|
||||
scheduling constraints. More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/'
|
||||
properties:
|
||||
nodeAffinity:
|
||||
description: Describes node affinity scheduling rules
|
||||
for the pod.
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements
|
||||
of this field and adding "weight" to the sum if
|
||||
the node matches the corresponding matchExpressions;
|
||||
the node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: An empty preferred scheduling term
|
||||
matches all objects with implicit weight 0 (i.e.
|
||||
it's a no-op). A null preferred scheduling term
|
||||
matches no objects (i.e. is also a no-op).
|
||||
properties:
|
||||
preference:
|
||||
description: A node selector term, associated
|
||||
with the corresponding weight.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
weight:
|
||||
description: Weight associated with matching
|
||||
the corresponding nodeSelectorTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- preference
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
affinity requirements specified by this field cease
|
||||
to be met at some point during pod execution (e.g.
|
||||
due to an update), the system may or may not try
|
||||
to eventually evict the pod from its node.
|
||||
properties:
|
||||
nodeSelectorTerms:
|
||||
description: Required. A list of node selector
|
||||
terms. The terms are ORed.
|
||||
items:
|
||||
description: A null or empty node selector term
|
||||
matches no objects. The requirements of them
|
||||
are ANDed. The TopologySelectorTerm type implements
|
||||
a subset of the NodeSelectorTerm.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements
|
||||
by node's labels.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements
|
||||
by node's fields.
|
||||
items:
|
||||
description: A node selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the
|
||||
selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship
|
||||
to a set of values. Valid operators
|
||||
are In, NotIn, Exists, DoesNotExist.
|
||||
Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values.
|
||||
If the operator is In or NotIn,
|
||||
the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty.
|
||||
If the operator is Gt or Lt, the
|
||||
values array must have a single
|
||||
element, which will be interpreted
|
||||
as an integer. This array is replaced
|
||||
during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: array
|
||||
required:
|
||||
- nodeSelectorTerms
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
podAffinity:
|
||||
description: Describes pod affinity scheduling rules (e.g.
|
||||
co-locate this pod in the same node, zone, etc. as some
|
||||
other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling affinity expressions,
|
||||
etc.), compute a sum by iterating through the elements
|
||||
of this field and adding "weight" to the sum if
|
||||
the node has pods which matches the corresponding
|
||||
podAffinityTerm; the node(s) with the highest sum
|
||||
are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred
|
||||
node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term,
|
||||
associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of
|
||||
resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set
|
||||
of namespaces that the term applies to.
|
||||
The term is applied to the union of the
|
||||
namespaces selected by this field and
|
||||
the ones listed in the namespaces field.
|
||||
null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An
|
||||
empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static
|
||||
list of namespace names that the term
|
||||
applies to. The term is applied to the
|
||||
union of the namespaces listed in this
|
||||
field and the ones selected by namespaceSelector.
|
||||
null or empty namespaces list and null
|
||||
namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity)
|
||||
with the pods matching the labelSelector
|
||||
in the specified namespaces, where co-located
|
||||
is defined as running on a node whose
|
||||
value of the label with key topologyKey
|
||||
matches that of any node on which any
|
||||
of the selected pods is running. Empty
|
||||
topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching
|
||||
the corresponding podAffinityTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
affinity requirements specified by this field cease
|
||||
to be met at some point during pod execution (e.g.
|
||||
due to a pod label update), the system may or may
|
||||
not try to eventually evict the pod from its node.
|
||||
When there are multiple elements, the lists of nodes
|
||||
corresponding to each podAffinityTerm are intersected,
|
||||
i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those
|
||||
matching the labelSelector relative to the given
|
||||
namespace(s)) that this pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity) with,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the
|
||||
set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces
|
||||
that the term applies to. The term is applied
|
||||
to the union of the namespaces selected by
|
||||
this field and the ones listed in the namespaces
|
||||
field. null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An empty
|
||||
selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list
|
||||
of namespace names that the term applies to.
|
||||
The term is applied to the union of the namespaces
|
||||
listed in this field and the ones selected
|
||||
by namespaceSelector. null or empty namespaces
|
||||
list and null namespaceSelector means "this
|
||||
pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the
|
||||
pods matching the labelSelector in the specified
|
||||
namespaces, where co-located is defined as
|
||||
running on a node whose value of the label
|
||||
with key topologyKey matches that of any node
|
||||
on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
podAntiAffinity:
|
||||
description: Describes pod anti-affinity scheduling rules
|
||||
(e.g. avoid putting this pod in the same node, zone,
|
||||
etc. as some other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule
|
||||
pods to nodes that satisfy the anti-affinity expressions
|
||||
specified by this field, but it may choose a node
|
||||
that violates one or more of the expressions. The
|
||||
node that is most preferred is the one with the
|
||||
greatest sum of weights, i.e. for each node that
|
||||
meets all of the scheduling requirements (resource
|
||||
request, requiredDuringScheduling anti-affinity
|
||||
expressions, etc.), compute a sum by iterating through
|
||||
the elements of this field and adding "weight" to
|
||||
the sum if the node has pods which matches the corresponding
|
||||
podAffinityTerm; the node(s) with the highest sum
|
||||
are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||
fields are added per-node to find the most preferred
|
||||
node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term,
|
||||
associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of
|
||||
resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set
|
||||
of namespaces that the term applies to.
|
||||
The term is applied to the union of the
|
||||
namespaces selected by this field and
|
||||
the ones listed in the namespaces field.
|
||||
null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An
|
||||
empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The
|
||||
requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label
|
||||
key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents
|
||||
a key's relationship to a set
|
||||
of values. Valid operators are
|
||||
In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array
|
||||
of string values. If the operator
|
||||
is In or NotIn, the values array
|
||||
must be non-empty. If the operator
|
||||
is Exists or DoesNotExist, the
|
||||
values array must be empty.
|
||||
This array is replaced during
|
||||
a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of
|
||||
{key,value} pairs. A single {key,value}
|
||||
in the matchLabels map is equivalent
|
||||
to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are
|
||||
ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static
|
||||
list of namespace names that the term
|
||||
applies to. The term is applied to the
|
||||
union of the namespaces listed in this
|
||||
field and the ones selected by namespaceSelector.
|
||||
null or empty namespaces list and null
|
||||
namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity)
|
||||
with the pods matching the labelSelector
|
||||
in the specified namespaces, where co-located
|
||||
is defined as running on a node whose
|
||||
value of the label with key topologyKey
|
||||
matches that of any node on which any
|
||||
of the selected pods is running. Empty
|
||||
topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching
|
||||
the corresponding podAffinityTerm, in the
|
||||
range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the anti-affinity requirements specified
|
||||
by this field are not met at scheduling time, the
|
||||
pod will not be scheduled onto the node. If the
|
||||
anti-affinity requirements specified by this field
|
||||
cease to be met at some point during pod execution
|
||||
(e.g. due to a pod label update), the system may
|
||||
or may not try to eventually evict the pod from
|
||||
its node. When there are multiple elements, the
|
||||
lists of nodes corresponding to each podAffinityTerm
|
||||
are intersected, i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those
|
||||
matching the labelSelector relative to the given
|
||||
namespace(s)) that this pod should be co-located
|
||||
(affinity) or not co-located (anti-affinity) with,
|
||||
where co-located is defined as running on a node
|
||||
whose value of the label with key <topologyKey>
|
||||
matches that of any node on which a pod of the
|
||||
set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources,
|
||||
in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces
|
||||
that the term applies to. The term is applied
|
||||
to the union of the namespaces selected by
|
||||
this field and the ones listed in the namespaces
|
||||
field. null selector and null or empty namespaces
|
||||
list means "this pod's namespace". An empty
|
||||
selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list
|
||||
of label selector requirements. The requirements
|
||||
are ANDed.
|
||||
items:
|
||||
description: A label selector requirement
|
||||
is a selector that contains values,
|
||||
a key, and an operator that relates
|
||||
the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key
|
||||
that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a
|
||||
key's relationship to a set of values.
|
||||
Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of
|
||||
string values. If the operator is
|
||||
In or NotIn, the values array must
|
||||
be non-empty. If the operator is
|
||||
Exists or DoesNotExist, the values
|
||||
array must be empty. This array
|
||||
is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value}
|
||||
pairs. A single {key,value} in the matchLabels
|
||||
map is equivalent to an element of matchExpressions,
|
||||
whose key field is "key", the operator
|
||||
is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list
|
||||
of namespace names that the term applies to.
|
||||
The term is applied to the union of the namespaces
|
||||
listed in this field and the ones selected
|
||||
by namespaceSelector. null or empty namespaces
|
||||
list and null namespaceSelector means "this
|
||||
pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity)
|
||||
or not co-located (anti-affinity) with the
|
||||
pods matching the labelSelector in the specified
|
||||
namespaces, where co-located is defined as
|
||||
running on a node whose value of the label
|
||||
with key topologyKey matches that of any node
|
||||
on which any of the selected pods is running.
|
||||
Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
extraArgs:
|
||||
description: ExtraArgs allows adding additional arguments
|
||||
to the Control Plane components, such as kube-apiserver,
|
||||
@@ -195,6 +1098,14 @@ spec:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
nodeSelector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'NodeSelector is a selector which must be true
|
||||
for the pod to fit on a node. Selector which must match
|
||||
a node''s labels for the pod to be scheduled on that node.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
||||
type: object
|
||||
replicas:
|
||||
default: 2
|
||||
format: int32
|
||||
@@ -289,6 +1200,49 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
tolerations:
|
||||
description: 'If specified, the Tenant Control Plane pod''s
|
||||
tolerations. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/'
|
||||
items:
|
||||
description: The pod this Toleration is attached to tolerates
|
||||
any taint that matches the triple <key,value,effect> using
|
||||
the matching operator <operator>.
|
||||
properties:
|
||||
effect:
|
||||
description: Effect indicates the taint effect to match.
|
||||
Empty means match all taint effects. When specified,
|
||||
allowed values are NoSchedule, PreferNoSchedule and
|
||||
NoExecute.
|
||||
type: string
|
||||
key:
|
||||
description: Key is the taint key that the toleration
|
||||
applies to. Empty means match all taint keys. If the
|
||||
key is empty, operator must be Exists; this combination
|
||||
means to match all values and all keys.
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents a key's relationship
|
||||
to the value. Valid operators are Exists and Equal.
|
||||
Defaults to Equal. Exists is equivalent to wildcard
|
||||
for value, so that a pod can tolerate all taints of
|
||||
a particular category.
|
||||
type: string
|
||||
tolerationSeconds:
|
||||
description: TolerationSeconds represents the period
|
||||
of time the toleration (which must be of effect NoExecute,
|
||||
otherwise this field is ignored) tolerates the taint.
|
||||
By default, it is not set, which means tolerate the
|
||||
taint forever (do not evict). Zero and negative values
|
||||
will be treated as 0 (evict immediately) by the system.
|
||||
format: int64
|
||||
type: integer
|
||||
value:
|
||||
description: Value is the taint value the toleration
|
||||
matches to. If the operator is Exists, the value should
|
||||
be empty, otherwise just a regular string.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
topologySpreadConstraints:
|
||||
description: TopologySpreadConstraints describes how the Tenant
|
||||
Control Plane pods ought to spread across topology domains.
|
||||
|
||||
@@ -374,6 +374,478 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
affinity:
|
||||
description: 'If specified, the Tenant Control Plane pod''s scheduling constraints. More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/'
|
||||
properties:
|
||||
nodeAffinity:
|
||||
description: Describes node affinity scheduling rules for the pod.
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
||||
properties:
|
||||
preference:
|
||||
description: A node selector term, associated with the corresponding weight.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements by node's labels.
|
||||
items:
|
||||
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements by node's fields.
|
||||
items:
|
||||
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
weight:
|
||||
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- preference
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
|
||||
properties:
|
||||
nodeSelectorTerms:
|
||||
description: Required. A list of node selector terms. The terms are ORed.
|
||||
items:
|
||||
description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of node selector requirements by node's labels.
|
||||
items:
|
||||
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchFields:
|
||||
description: A list of node selector requirements by node's fields.
|
||||
items:
|
||||
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: array
|
||||
required:
|
||||
- nodeSelectorTerms
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
podAffinity:
|
||||
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term, associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
podAntiAffinity:
|
||||
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
||||
properties:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
|
||||
items:
|
||||
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
||||
properties:
|
||||
podAffinityTerm:
|
||||
description: Required. A pod affinity term, associated with the corresponding weight.
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
weight:
|
||||
description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
|
||||
format: int32
|
||||
type: integer
|
||||
required:
|
||||
- podAffinityTerm
|
||||
- weight
|
||||
type: object
|
||||
type: array
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
||||
items:
|
||||
description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
|
||||
properties:
|
||||
labelSelector:
|
||||
description: A label query over a set of resources, in this case pods.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaceSelector:
|
||||
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
namespaces:
|
||||
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
topologyKey:
|
||||
description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
|
||||
type: string
|
||||
required:
|
||||
- topologyKey
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
extraArgs:
|
||||
description: ExtraArgs allows adding additional arguments to the Control Plane components, such as kube-apiserver, controller-manager, and scheduler.
|
||||
properties:
|
||||
@@ -395,6 +867,11 @@ spec:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
nodeSelector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
||||
type: object
|
||||
replicas:
|
||||
default: 2
|
||||
format: int32
|
||||
@@ -469,6 +946,29 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
tolerations:
|
||||
description: 'If specified, the Tenant Control Plane pod''s tolerations. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/'
|
||||
items:
|
||||
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
|
||||
properties:
|
||||
effect:
|
||||
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
|
||||
type: string
|
||||
key:
|
||||
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
|
||||
type: string
|
||||
tolerationSeconds:
|
||||
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
|
||||
format: int64
|
||||
type: integer
|
||||
value:
|
||||
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
topologySpreadConstraints:
|
||||
description: TopologySpreadConstraints describes how the Tenant Control Plane pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. In case of nil underlying LabelSelector, the Kamaji one for the given Tenant Control Plane will be used. All topologySpreadConstraints are ANDed.
|
||||
items:
|
||||
@@ -1706,7 +2206,7 @@ spec:
|
||||
- --datastore=kamaji-etcd
|
||||
command:
|
||||
- /manager
|
||||
image: clastix/kamaji:v0.1.0
|
||||
image: clastix/kamaji:v0.1.1
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
|
||||
@@ -13,4 +13,4 @@ kind: Kustomization
|
||||
images:
|
||||
- name: controller
|
||||
newName: clastix/kamaji
|
||||
newTag: v0.1.0
|
||||
newTag: v0.1.1
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
# Kamaji documentation
|
||||
|
||||
- [Core Concepts](./concepts.md)
|
||||
- [Architecture](./architecture.md)
|
||||
- [Getting started](./getting-started-with-kamaji.md)
|
||||
- Guides:
|
||||
- [Deploy Kamaji on generic infrastructure](./kamaji-deployment-guide.md)
|
||||
- [Deploy Kamaji on Azure](./kamaji-azure-deployment-guide.md)
|
||||
- Deploy Kamaji on AWS
|
||||
- Deploy Kamaji on GCP
|
||||
- Deploy Kamaji on OpenStack
|
||||
- [Setup Konnectivity service](./konnectivity.md)
|
||||
- [MySQL as Kamaji datastore](./mysql-datastore.md)
|
||||
- [PostgreSQL as Kamaji datastore](./postgresql-datastore.md)
|
||||
- [Tenant Cluster Upgrade](./upgrade.md)
|
||||
- [Reference](./reference.md)
|
||||
- [CNCF Conformance](./conformance.md)
|
||||
- [Versioning](./versioning.md)
|
||||
@@ -1 +0,0 @@
|
||||
# Kamaji architecture
|
||||
@@ -1,6 +1,14 @@
|
||||
# Core Concepts
|
||||
# Concepts
|
||||
|
||||
Kamaji is a Kubernetes Operator. It turns any Kubernetes cluster into an _“admin cluster”_ to orchestrate other Kubernetes clusters called _“tenant clusters”_.
|
||||
Kamaji is a Kubernetes Operator. It turns any Kubernetes cluster into an _“admin cluster”_ to orchestrate other Kubernetes clusters called _“tenant clusters”_.
|
||||
|
||||
These are requirements of the design behind Kamaji:
|
||||
|
||||
- Communication between the _“admin cluster”_ and a _“tenant cluster”_ is unidirectional. The _“admin cluster”_ manages a _“tenant cluster”_, but a _“tenant cluster”_ has no awareness of the _“admin cluster”_.
|
||||
- Communication between different _“tenant clusters”_ is not allowed.
|
||||
- The worker nodes of tenant should not run anything beyond tenant's workloads.
|
||||
|
||||
Goals and scope may vary as the project evolves.
|
||||
|
||||
## Tenant Control Plane
|
||||
What makes Kamaji special is that the Control Plane of a _“tenant cluster”_ is just one or more regular pods running in a namespace of the _“admin cluster”_ instead of a dedicated set of Virtual Machines. This solution makes running control planes at scale cheaper and easier to deploy and operate. The Tenant Control Plane components are packaged in the same way they are running in bare metal or virtual nodes. We leverage the `kubeadm` code to set up the control plane components as they were running on their own server. The unchanged images of upstream `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager` are used.
|
||||
@@ -9,7 +17,7 @@ High Availability and rolling updates of the Tenant Control Plane pods are provi
|
||||
|
||||
Kamaji offers a [Custom Resource Definition](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) to provide a declarative approach of managing a Tenant Control Plane. This *CRD* is called `TenantControlPlane`, or `tcp` in short.
|
||||
|
||||
All the _“tenant clusters”_ built with Kamaji are fully compliant CNCF Kubernetes clusters and are compatible with the standard Kubernetes toolchains everybody knows and loves. See [CNCF compliance](./compliance.md).
|
||||
All the _“tenant clusters”_ built with Kamaji are fully compliant CNCF Kubernetes clusters and are compatible with the standard Kubernetes toolchains everybody knows and loves. See [CNCF compliance](reference/conformance.md).
|
||||
|
||||
## Tenant worker nodes
|
||||
And what about the tenant worker nodes? They are just _"worker nodes"_, i.e. regular virtual or bare metal machines, connecting to the APIs server of the Tenant Control Plane. Kamaji's goal is to manage the lifecycle of hundreds of these _“tenant clusters”_, not only one, so how to add another tenant cluster to Kamaji? As you could expect, you have just deploys a new Tenant Control Plane in one of the _“admin cluster”_ namespace, and then joins the tenant worker nodes to it.
|
||||
@@ -27,11 +35,13 @@ Kamaji offers the option of using a more capable datastore than `etcd` to save t
|
||||
### Pooling
|
||||
By default, Kamaji is expecting to persist all the _“tenant clusters”_ data in a unique datastore that could be backed by different drivers. However, you can pick a different datastore for a specific set of _“tenant clusters”_ that could have different resources assigned or a different tiering. Pooling of multiple datastore is an option you can leverage for a very large set of _“tenant clusters”_ so you can distribute the load properly. As future improvements, we have a _datastore scheduler_ feature in roadmap so that Kamaji itself can assign automatically a _“tenant cluster”_ to the best datastore in the pool.
|
||||
|
||||
## Requirements of design
|
||||
These are requirements of design behind Kamaji:
|
||||
## Konnectivity
|
||||
|
||||
- Communication between the _“admin cluster”_ and a _“tenant cluster”_ is unidirectional. The _“admin cluster”_ manages a _“tenant cluster”_, but a _“tenant cluster”_ has no awareness of the _“admin cluster”_.
|
||||
- Communication between different _“tenant clusters”_ is not allowed.
|
||||
- The worker nodes of tenant should not run anything beyond tenant's workloads.
|
||||
In addition to the standard control plane containers, Kamaji creates an instance of [konnectivity-server](https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/) running as sidecar container in the `tcp` pod and exposed on port `8132` of the `tcp` service.
|
||||
|
||||
This is required when the tenant worker nodes are not reachable from the `tcp` pods. The Konnectivity service consists of two parts: the Konnectivity server in the tenant control plane pod and the Konnectivity agents running on the tenant worker nodes.
|
||||
|
||||
After worker nodes joined the tenant control plane, the Konnectivity agents initiate connections to the Konnectivity server and maintain the network connections. After enabling the Konnectivity service, all control plane to worker nodes traffic goes through these connections.
|
||||
|
||||
> In Kamaji, Konnectivity is enabled by default and can be disabled when not required.
|
||||
|
||||
Goals and scope may vary as the project evolves.
|
||||
22
docs/content/contribute/governance.md
Normal file
22
docs/content/contribute/governance.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# Governance
|
||||
|
||||
This document lays out the guidelines under which the Kamaji project will be governed.
|
||||
The goal is to make sure that the roles and responsibilities are well defined and clarify how decisions are made.
|
||||
|
||||
## Roles
|
||||
|
||||
In the context of Kamaji project, we consider the following roles:
|
||||
|
||||
* __Users__: everyone using Kamaji, typically willing to provide feedback by proposing features and/or filing issues.
|
||||
|
||||
* __Contributors__: everyone contributing code, documentation, examples, tests, and participating in feature proposals as well as design discussions.
|
||||
|
||||
* __Maintainers__: are responsible for engaging with and assisting contributors to iterate on the contributions until it reaches acceptable quality. Maintainers can decide whether the contributions can be accepted into the project or rejected.
|
||||
|
||||
## Release Management
|
||||
|
||||
The release process will be governed by Maintainers.
|
||||
|
||||
## Roadmap Planning
|
||||
|
||||
Maintainers will share roadmap and release versions as milestones in GitHub [project's page](https://github.com/clastix/kamaji).
|
||||
83
docs/content/contribute/guidelines.md
Normal file
83
docs/content/contribute/guidelines.md
Normal file
@@ -0,0 +1,83 @@
|
||||
# General
|
||||
|
||||
Thank you for your interest in contributing to Kamaji. Whether it's a bug report, new feature, correction, or additional documentation, we greatly value feedback and contributions from our community.
|
||||
|
||||
Please read through this document before submitting any issues or pull requests to ensure we have all the necessary information to effectively respond to your bug report or contribution.
|
||||
|
||||
## Pull Requests
|
||||
|
||||
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
|
||||
|
||||
1. You are working against the latest source on the *master* branch.
|
||||
1. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
|
||||
1. You open an issue to discuss any significant work: we would hate for your time to be wasted.
|
||||
|
||||
To send us a pull request, please:
|
||||
|
||||
1. Fork the repository.
|
||||
1. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it
|
||||
will be hard for us to focus on your change.
|
||||
1. Ensure local tests pass.
|
||||
1. Commit to your fork using clear commit messages.
|
||||
1. Send us a pull request, answering any default questions in the pull request interface.
|
||||
1. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
|
||||
|
||||
GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
|
||||
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
|
||||
|
||||
Make sure to keep Pull Requests small and functional to make them easier to review, understand, and look up in commit history. This repository uses "Squash and Commit" to keep our history clean and make it easier to revert changes based on PR. Adding the appropriate documentation, unit tests and e2e tests as part of a feature is the responsibility of the
|
||||
feature owner, whether it is done in the same Pull Request or not. All the Pull Requests must refer to an already open issue: this is the first phase to contribute also for informing maintainers about the issue.
|
||||
|
||||
## Commits
|
||||
|
||||
Commit's first line should not exceed 50 columns.
|
||||
|
||||
A commit description is welcomed to explain more the changes: just ensure to put a blank line and an arbitrary number of maximum 72 characters long lines, at most one blank line between them.
|
||||
|
||||
Please, split changes into several and documented small commits: this will help us to perform a better review. Commits must follow the Conventional Commits Specification, a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of. This convention dovetails with Semantic Versioning, by describing the features, fixes, and breaking changes made in commit messages. See [Conventional Commits Specification](https://www.conventionalcommits.org) to learn about Conventional Commits.
|
||||
|
||||
> In case of errors or need of changes to previous commits, fix them squashing to make changes atomic.
|
||||
|
||||
## Code convention
|
||||
|
||||
Kamaji is written in Golang. The changes must follow the Pull Request method where a _GitHub Action_ will
|
||||
check the `golangci-lint`, so ensure your changes respect the coding standard.
|
||||
|
||||
### golint
|
||||
|
||||
You can easily check them issuing the _Make_ recipe `golint`.
|
||||
|
||||
```
|
||||
# make golint
|
||||
golangci-lint run -c .golangci.yml
|
||||
```
|
||||
|
||||
> Enabled linters and related options are defined in the [.golanci.yml file](https://github.com/clastix/Kamaji/blob/master/.golangci.yml)
|
||||
|
||||
## Finding contributions to work on
|
||||
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the
|
||||
default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted'
|
||||
and 'good first issue' issues are a great place to start.
|
||||
|
||||
## Design Docs
|
||||
|
||||
A contributor proposes a design with a PR on the repository to allow for revisions and discussions. If a design needs to be discussed before formulating a document for it, make use of GitHub Discussions to involve the community on the discussion.
|
||||
|
||||
## GitHub Issues
|
||||
|
||||
GitHub Issues are used to file bugs, work items, and feature requests with actionable items/issues.
|
||||
|
||||
When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
|
||||
|
||||
* A reproducible test case or series of steps
|
||||
* The version of the code being used
|
||||
* Any modifications you've made relevant to the bug
|
||||
* Anything unusual about your environment or deployment
|
||||
|
||||
## Miscellanea
|
||||
|
||||
Please, add a new single line at end of any file as the current coding style.
|
||||
|
||||
## Licensing
|
||||
|
||||
See the [LICENSE](https://github.com/clastix/Kamaji/blob/master/LICENSE) file for our project's licensing. We can ask you to confirm the licensing of your contribution.
|
||||
2
docs/content/contribute/index.md
Normal file
2
docs/content/contribute/index.md
Normal file
@@ -0,0 +1,2 @@
|
||||
# Guidelines
|
||||
Guidelines for community contributions.
|
||||
@@ -1,19 +1,18 @@
|
||||
# Setup a minimal Kamaji for development
|
||||
# Getting started
|
||||
|
||||
This document explains how to deploy a minimal Kamaji setup on [KinD](https://kind.sigs.k8s.io/) for development scopes. Please refer to the [Kamaji documentation](../concepts.md) for understanding all the terms used in this guide, as for example: `admin cluster`, `tenant cluster`, and `tenant control plane`.
|
||||
This document explains how to deploy a minimal Kamaji setup on [KinD](https://kind.sigs.k8s.io/) for development scopes. Please refer to the [Kamaji documentation](concepts.md) for understanding all the terms used in this guide, as for example: `admin cluster`, `tenant cluster`, and `tenant control plane`.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
We assume you have installed on your workstation:
|
||||
|
||||
- [Docker](https://docs.docker.com/engine/install/)
|
||||
- [Docker](https://docker.com)
|
||||
- [KinD](https://kind.sigs.k8s.io/)
|
||||
- [kubectl@v1.25.0](https://kubernetes.io/docs/tasks/tools/)
|
||||
- [kubeadm@v1.25.0](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/)
|
||||
- [kubectl@v1.25.0](https://kubernetes.io/docs/tasks/tools/#kubectl)
|
||||
- [kubeadm@v1.25.0](https://kubernetes.io/docs/tasks/tools/#kubeadm)
|
||||
- [jq](https://stedolan.github.io/jq/)
|
||||
- [openssl](https://www.openssl.org/)
|
||||
- [cfssl](https://github.com/cloudflare/cfssl)
|
||||
- [cfssljson](https://github.com/cloudflare/cfssl)
|
||||
- [cfssl/cfssljson](https://github.com/cloudflare/cfssl)
|
||||
|
||||
|
||||
> Starting from Kamaji v0.0.2, `kubectl` and `kubeadm` need to meet at least minimum version to `v1.25.0`:
|
||||
@@ -65,7 +64,7 @@ Deploy a MySQL/MariaDB backend into the Kamaji node:
|
||||
$ make -C deploy/kine/mysql mariadb
|
||||
```
|
||||
|
||||
Adjust the [Kamaji install manifest](../config/install.yaml) according to the example of a [MySQL DataStore](../config/samples/kamaji_v1alpha1_datastore_mysql.yaml) and make sure Kamaji uses the proper datastore name:
|
||||
Adjust the Kamaji install manifest `config/install.yaml` according to the example of a MySQL DataStore `config/samples/kamaji_v1alpha1_datastore_mysql.yaml` and make sure Kamaji uses the proper datastore name:
|
||||
|
||||
```
|
||||
--datastore={.metadata.name}
|
||||
@@ -81,7 +80,7 @@ Deploy a PostgreSQL backend into the Kamaji node:
|
||||
$ make -C deploy/kine/postgresql postgresql
|
||||
```
|
||||
|
||||
Adjust the [Kamaji install manifest](../config/install.yaml) according to the example of a [PostgreSQL DataStore](../config/samples/kamaji_v1alpha1_datastore_postgresql.yaml) and make sure Kamaji uses the proper datastore name:
|
||||
Adjust the Kamaji install manifest `config/install.yaml` according to the example of a PostgreSQL DataStore `config/samples/kamaji_v1alpha1_datastore_postgresql.yaml` and make sure Kamaji uses the proper datastore name:
|
||||
|
||||
```
|
||||
--datastore={.metadata.name}
|
||||
3
docs/content/guides/index.md
Normal file
3
docs/content/guides/index.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# How to Guides
|
||||
|
||||
This section of the Kamaji documentation contains pages that show how to do a specific thing, typically by giving a sequence of steps.
|
||||
@@ -97,9 +97,9 @@ kubectl cluster-info
|
||||
```
|
||||
|
||||
## Install datastore
|
||||
The Kamaji controller needs to access a multi-tenant datastore in order to save data of the tenants' clusters. The [Helm Chart](../charts/kamaji/) provides the installation of an unamanaged `etcd`. However, a managed `etcd` is highly recommended in production.
|
||||
The Kamaji controller needs to access a multi-tenant datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of an unamanaged `etcd`. However, a managed `etcd` is highly recommended in production.
|
||||
|
||||
The [kamaji-etcd](https://github.com/clastix/kamaji-etcd) project provides a viable option to setup a manged multi-tenant `etcd` as 3 replicas StatefulSet with data persistence:
|
||||
As alternative, the [kamaji-etcd](https://github.com/clastix/kamaji-etcd) project provides a viable option to setup a manged multi-tenant `etcd` as 3 replicas StatefulSet with data persistence:
|
||||
|
||||
```bash
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
@@ -110,9 +110,7 @@ helm install etcd clastix/kamaji-etcd -n kamaji-system --create-namespace
|
||||
Optionally, Kamaji offers the possibility of using a different storage system for the tenants' clusters, as MySQL or PostgreSQL compatible database, thanks to the native [kine](https://github.com/k3s-io/kine) integration.
|
||||
|
||||
## Install Kamaji Controller
|
||||
There are multiple ways to deploy Kamaji, including a [single YAML file](../config/install.yaml) and the [Helm Chart](../charts/kamaji).
|
||||
|
||||
Install with `helm` using an unmanaged `etcd` as datastore:
|
||||
Install Kamaji with `helm` using an unmanaged `etcd` as datastore:
|
||||
|
||||
```bash
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
@@ -273,7 +271,7 @@ NAME ENDPOINTS AGE
|
||||
kubernetes 10.240.0.100:6443 57m
|
||||
```
|
||||
|
||||
### Preparing Worker Nodes to join
|
||||
### Prepare worker nodes to join
|
||||
Currently Kamaji does not provide any helper for creation of tenant worker nodes. You should get a set of machines from your infrastructure provider, turn them into worker nodes, and then join to the tenant control plane with the `kubeadm`. In the future, we'll provide integration with Cluster APIs and other tools, as for example, Terrform.
|
||||
|
||||
Create an Azure VM Stateful Set to host worker nodes
|
||||
@@ -307,12 +305,11 @@ az vmss scale \
|
||||
--new-capacity 3
|
||||
```
|
||||
|
||||
### Join the tenant virtual machines to the tenant control plane
|
||||
### Join worker nodes
|
||||
The current approach for joining nodes is to use `kubeadm` and therefore, we will create a bootstrap token to perform the action. In order to facilitate the step, we will store the entire command of joining in a variable:
|
||||
|
||||
```bash
|
||||
TENANT_ADDR=$(kubectl -n ${TENANT_NAMESPACE} get svc ${TENANT_NAME} -o json | jq -r ."spec.loadBalancerIP")
|
||||
|
||||
JOIN_CMD=$(echo "sudo kubeadm join ${TENANT_ADDR}:6443 ")$(kubeadm --kubeconfig=${TENANT_NAMESPACE}-${TENANT_NAME}.kubeconfig token create --print-join-command |cut -d" " -f4-)
|
||||
```
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# Setup Kamaji on a generic infrastructure
|
||||
This guide will lead you through the process of creating a working Kamaji setup on a generic infrastructure, both virtual or bare metal.
|
||||
This guide will lead you through the process of creating a working Kamaji setup on a generic infrastructure, either virtual or bare metal.
|
||||
|
||||
The material here is relatively dense. We strongly encourage you to dedicate time to walk through these instructions, with a mind to learning. We do NOT provide any "one-click" deployment here. However, once you've understood the components involved it is encouraged that you build suitable, auditable GitOps deployment processes around your final infrastructure.
|
||||
|
||||
@@ -52,9 +52,9 @@ Any regular and conformant Kubernetes v1.22+ cluster can be turned into a Kamaji
|
||||
Make sure you have a `kubeconfig` file with admin permissions on the cluster you want to turn into Kamaji Admin Cluster.
|
||||
|
||||
## Install datastore
|
||||
The Kamaji controller needs to access a multi-tenant datastore in order to save data of the tenants' clusters. The [Helm Chart](../charts/kamaji/) provides the installation of an unamanaged `etcd`. However, a managed `etcd` is highly recommended in production.
|
||||
The Kamaji controller needs to access a multi-tenant datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of an unamanaged `etcd`. However, a managed `etcd` is highly recommended in production.
|
||||
|
||||
The [kamaji-etcd](https://github.com/clastix/kamaji-etcd) project provides a viable option to setup a manged multi-tenant `etcd` as 3 replicas StatefulSet with data persistence:
|
||||
As alternative, the [kamaji-etcd](https://github.com/clastix/kamaji-etcd) project provides a viable option to setup a manged multi-tenant `etcd` as 3 replicas StatefulSet with data persistence:
|
||||
|
||||
```bash
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
@@ -65,9 +65,7 @@ helm install etcd clastix/kamaji-etcd -n kamaji-system --create-namespace
|
||||
Optionally, Kamaji offers the possibility of using a different storage system for the tenants' clusters, as MySQL or PostgreSQL compatible database, thanks to the native [kine](https://github.com/k3s-io/kine) integration.
|
||||
|
||||
## Install Kamaji Controller
|
||||
There are multiple ways to deploy Kamaji, including a [single YAML file](../config/install.yaml) and the [Helm Chart](../charts/kamaji).
|
||||
|
||||
Install with `helm` using an unmanaged `etcd` as datastore:
|
||||
Install Kamaji with `helm` using an unmanaged `etcd` as datastore:
|
||||
|
||||
```bash
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
@@ -234,11 +232,11 @@ kubernetes 192.168.32.240:6443 18m
|
||||
|
||||
And make sure it is `${TENANT_ADDR}:${TENANT_PORT}`.
|
||||
|
||||
### Preparing Worker Nodes to join
|
||||
### Prepare worker nodes to join
|
||||
|
||||
Currently Kamaji does not provide any helper for creation of tenant worker nodes. You should get a set of machines from your infrastructure provider, turn them into worker nodes, and then join to the tenant control plane with the `kubeadm`. In the future, we'll provide integration with Cluster APIs and other tools, as for example, Terrform.
|
||||
Currently Kamaji does not provide any helper for creation of tenant worker nodes. You should get a set of machines from your infrastructure provider, turn them into worker nodes, and then join to the tenant control plane with the `kubeadm`. In the future, we'll provide integration with Cluster APIs and other tools, as for example, Terraform.
|
||||
|
||||
Use a simple bash script `nodes-prerequisites.sh`, as provided into this repo, in order to install the dependencies on all the worker nodes:
|
||||
You can use the provided helper script `/deploy/nodes-prerequisites.sh`, in order to install the dependencies on all the worker nodes:
|
||||
|
||||
- Install `containerd` as container runtime
|
||||
- Install `crictl`, the command line for working with `containerd`
|
||||
@@ -253,16 +251,13 @@ HOSTS=(${WORKER0} ${WORKER1} ${WORKER2})
|
||||
./nodes-prerequisites.sh ${TENANT_VERSION:1} ${HOSTS[@]}
|
||||
```
|
||||
|
||||
### Join Command
|
||||
|
||||
### Join worker nodes
|
||||
The current approach for joining nodes is to use `kubeadm` and therefore, we will create a bootstrap token to perform the action. In order to facilitate the step, we will store the entire command of joining in a variable:
|
||||
|
||||
```bash
|
||||
JOIN_CMD=$(echo "sudo ")$(kubeadm --kubeconfig=${TENANT_NAMESPACE}-${TENANT_NAME}.kubeconfig token create --print-join-command)
|
||||
```
|
||||
|
||||
### Adding Worker Nodes
|
||||
|
||||
A bash loop will be used to join all the available nodes.
|
||||
|
||||
```bash
|
||||
@@ -335,4 +330,4 @@ Delete the tenant control plane from kamaji
|
||||
kubectl delete -f ${TENANT_NAMESPACE}-${TENANT_NAME}-tcp.yaml
|
||||
```
|
||||
|
||||
That's all folks!
|
||||
That's all folks!
|
||||
@@ -2,4 +2,4 @@
|
||||
|
||||
Kamaji offers the possibility of having a different storage system than `ETCD` thanks to [kine](https://github.com/k3s-io/kine) integration. One of the implementations is [MySQL](https://www.mysql.com/).
|
||||
|
||||
> A detailed guide for production setup will be released soon. Please refer to [Getting Started Guide](./getting-started-with-kamaji.md) for a demo setup with KinD.
|
||||
> A detailed guide for production setup will be released soon. Please refer to [Getting Started Guide](../getting-started.md) for a demo setup with KinD.
|
||||
@@ -3,4 +3,4 @@
|
||||
Kamaji offers the possibility of having a different storage system than `etcd` thanks to [kine](https://github.com/k3s-io/kine) integration.
|
||||
One of the implementations is [PostgreSQL](https://www.postgresql.org/).
|
||||
|
||||
> A detailed guide for production setup will be released soon. Please refer to [Getting Started Guide](./getting-started-with-kamaji.md) for a demo setup with KinD.
|
||||
> A detailed guide for production setup will be released soon. Please refer to [Getting Started Guide](../getting-started.md) for a demo setup with KinD.
|
||||
13
docs/content/guides/upgrade.md
Normal file
13
docs/content/guides/upgrade.md
Normal file
@@ -0,0 +1,13 @@
|
||||
# Tenant Cluster Upgrade
|
||||
The process of upgrading a _“tenant cluster”_ consists in two steps:
|
||||
|
||||
1. Upgrade the Tenant Control Plane
|
||||
2. Upgrade of Tenant Worker Nodes
|
||||
|
||||
## Upgrade of Tenant Control Plane
|
||||
You should patch the `TenantControlPlane.spec.kubernetes.version` custom resource with a new compatible value according to the [Version Skew Policy](https://kubernetes.io/releases/version-skew-policy/).
|
||||
|
||||
> Note: during the upgrade, a new ReplicaSet of Tenant Control Plane pod will be created, so make sure you have at least two pods to avoid service disruption.
|
||||
|
||||
## Upgrade of Tenant Worker Nodes
|
||||
As currently Kamaji is not providing any helpers for Tenant Worker Nodes, you should make sure to upgrade them manually, for example, with the help of `kubeadm`. We have in roadmap, the Cluster APIs support so that you can upgrade _“tenant clusters”_ in a fully declarative way.
|
||||
|
Before Width: | Height: | Size: 189 KiB After Width: | Height: | Size: 189 KiB |
|
Before Width: | Height: | Size: 184 KiB After Width: | Height: | Size: 184 KiB |
51
docs/content/index.md
Normal file
51
docs/content/index.md
Normal file
@@ -0,0 +1,51 @@
|
||||
# Kamaji
|
||||
**Kamaji** deploys and operates Kubernetes at scale with a fraction of the operational burden.
|
||||
|
||||
## How it works
|
||||
Kamaji turns any Kubernetes cluster into an _“admin cluster”_ to orchestrate other Kubernetes clusters called _“tenant clusters”_. What makes Kamaji special is that Control Planes of _“tenant clusters”_ are just regular pods running in the _“admin cluster”_ instead of dedicated Virtual Machines. This solution makes running control planes at scale cheaper and easier to deploy and operate. View [Concepts](concepts.md) for a deeper understanding of principles behind Kamaji's design.
|
||||
|
||||
|
||||
|
||||
|
||||
All the tenant clusters built with Kamaji are fully compliant [CNCF Certified Kubernetes](https://www.cncf.io/certification/software-conformance/) and are compatible with the standard toolchains everybody knows and loves.
|
||||
|
||||
<p align="center" style="padding: 6px 6px">
|
||||
<img src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/certified-kubernetes/versionless/color/certified-kubernetes-color.png" width="200" />
|
||||
</p>
|
||||
|
||||
## Features
|
||||
|
||||
- **Self Service Kubernetes:** leave users the freedom to self-provision their Kubernetes clusters according to the assigned boundaries.
|
||||
- **Multi-cluster Management:** centrally manage multiple tenant clusters from a single admin cluster. Happy SREs.
|
||||
- **Cheaper Control Planes:** place multiple tenant control planes on a single node, instead of having three nodes for a single control plane.
|
||||
- **Stronger Multi-Tenancy:** leave tenants to access the control plane with admin permissions while keeping the tenant isolated at the infrastructure level.
|
||||
- **Kubernetes Inception:** use Kubernetes to manage Kubernetes by re-using all the Kubernetes goodies you already know and love.
|
||||
- **Full APIs compliant:** tenant clusters are fully CNCF compliant built with upstream Kubernetes binaries. A user does not see differences between a Kamaji provisioned cluster and a dedicated cluster.
|
||||
|
||||
## Getting started
|
||||
|
||||
Please refer to the [Getting Started guide](getting-started.md) to deploy a minimal setup of Kamaji on [KinD](https://kind.sigs.k8s.io/).
|
||||
|
||||
## Open Source
|
||||
Kamaji is Open Source with Apache 2 license and any contribution is welcome. Open an issue or suggest an enhancement on the GitHub [project's page](https://github.com/clastix/kamaji). Join the [Kubernetes Slack Workspace](https://slack.k8s.io/) and the [`#kamaji`](https://kubernetes.slack.com/archives/C03GLTTMWNN) channel to meet end-users and contributors.
|
||||
|
||||
## FAQs
|
||||
Q. What does Kamaji mean?
|
||||
|
||||
A. Kamaji is named as the character _Kamaji_ from the Japanese movie [_Spirited Away_](https://en.wikipedia.org/wiki/Spirited_Away).
|
||||
|
||||
Q. Is Kamaji another Kubernetes distribution?
|
||||
|
||||
A. No, Kamaji is a Kubernetes Operator you can install on top of any Kubernetes cluster to provide hundreds or thousands of managed Kubernetes clusters as a service. We tested Kamaji on vanilla Kubernetes 1.22+, KinD, and Azure AKS. We expect it to work smoothly on other Kubernetes distributions. The tenant clusters made with Kamaji are conformant CNCF Kubernetes clusters as we leverage [`kubeadm`](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/).
|
||||
|
||||
Q. Is it safe to run Kubernetes control plane components in a pod instead of dedicated virtual machines?
|
||||
|
||||
A. Yes, the tenant control plane components are packaged in the same way they are running in bare metal or virtual nodes. We leverage the `kubeadm` code to set up the control plane components as they were running on their own server. The unchanged images of upstream `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager` are used.
|
||||
|
||||
Q. You already provide a Kubernetes multi-tenancy solution with [Capsule](https://capsule.clastix.io). Why does Kamaji matter?
|
||||
|
||||
A. A multi-tenancy solution, like Capsule shares the Kubernetes control plane among all tenants keeping tenant namespaces isolated by policies. While the solution is the right choice by balancing between features and ease of usage, there are cases where a tenant user requires access to the control plane, for example, when a tenant requires to manage CRDs on his own. With Kamaji, you can provide cluster admin permissions to the tenant.
|
||||
|
||||
Q. Well you convinced me, how to get a try?
|
||||
|
||||
A. It is possible to get started with Kamaji on a laptop with [KinD](getting-started.md) installed.
|
||||
File diff suppressed because it is too large
Load Diff
@@ -39,45 +39,3 @@ Available environment variables are:
|
||||
| `KAMAJI_HEALTH_PROBE_BIND_ADDRESS` | The address the probe endpoint binds to. (default ":8081") |
|
||||
| `KAMAJI_LEADER_ELECTION` | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |
|
||||
| `KAMAJI_TMP_DIRECTORY` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") |
|
||||
|
||||
|
||||
## Build and deploy
|
||||
Clone the repo on your workstation.
|
||||
|
||||
```bash
|
||||
## Install dependencies
|
||||
$ go mod tidy
|
||||
|
||||
## Generate code
|
||||
$ make generate
|
||||
|
||||
## Generate Manifests
|
||||
$ make manifests
|
||||
|
||||
## Install Manifests
|
||||
$ make install
|
||||
|
||||
## Build Docker Image
|
||||
$ IMG=<image name and tag> make docker-build
|
||||
|
||||
## Push Docker Image
|
||||
$ IMG=<image name and tag> make docker-push
|
||||
|
||||
## Deploy Kamaji
|
||||
$ IMG=<image name and tag> make deploy
|
||||
|
||||
## YAML Installation File
|
||||
$ make yaml-installation-file
|
||||
|
||||
```
|
||||
|
||||
It will generate a yaml installation file at `config/install.yaml`. It should be customized accordingly.
|
||||
|
||||
## Custom Resource Definitions
|
||||
|
||||
**Kamaji** offers a set of [CRD](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) to provide a declarative approach of managing tenant control planes:
|
||||
|
||||
- `TenantControlPlane`, or `tcp` in short
|
||||
- `DataStore`
|
||||
|
||||
For details, see [apireference](apireference.md).
|
||||
@@ -1,9 +1,19 @@
|
||||
# CNCF Conformance
|
||||
For organizations using Kubernetes, conformance enables interoperability, consistency, and confirmability between Kubernetes installations. The Cloud Computing Native Foundation - CNCF - provides the [Certified Kubernetes Conformance Program](https://www.cncf.io/certification/software-conformance/). All the _“tenant clusters”_ built with Kamaji are CNCF conformant.
|
||||
# Conformance
|
||||
For organizations using Kubernetes, conformance enables interoperability, consistency, and confirmability between Kubernetes installations. The Cloud Computing Native Foundation - CNCF - provides the [Certified Kubernetes Conformance Program](https://www.cncf.io/certification/software-conformance/).
|
||||
|
||||
The standard set of conformance tests is currently those defined by the `[Conformance]` tag in the
|
||||
[kubernetes e2e](https://github.com/kubernetes/kubernetes/tree/master/test/e2e) suite.
|
||||
|
||||
All the _“tenant clusters”_ built with Kamaji are CNCF conformant:
|
||||
|
||||
- [v1.23](https://github.com/cncf/k8s-conformance/pull/2194)
|
||||
- [v1.24](https://github.com/cncf/k8s-conformance/pull/2193)
|
||||
- [v1.25](https://github.com/cncf/k8s-conformance/pull/2188)
|
||||
|
||||
<p align="left" style="padding: 6px 6px">
|
||||
<img src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/certified-kubernetes/versionless/color/certified-kubernetes-color.png" width="100" />
|
||||
</p>
|
||||
|
||||
## Running the conformance tests
|
||||
|
||||
The standard tool for running CNCF conformance tests is [Sonobuoy](https://github.com/vmware-tanzu/sonobuoy). Sonobuoy is
|
||||
2
docs/content/reference/index.md
Normal file
2
docs/content/reference/index.md
Normal file
@@ -0,0 +1,2 @@
|
||||
# Reference
|
||||
This section of the Kamaji documentation contains references to the project's specifications.
|
||||
@@ -1,4 +1,5 @@
|
||||
# Versioning and support
|
||||
# Versioning
|
||||
|
||||
In Kamaji, there are different components that might require independent versioning and support level:
|
||||
|
||||
|Kamaji|Admin Cluster|Tenant Cluster (min)|Tenant Cluster (max)|Konnectivity|Tenant etcd |
|
||||
@@ -6,4 +7,4 @@ In Kamaji, there are different components that might require independent version
|
||||
|0.0.1 |1.22.0+ |1.21.0 |1.23.5 |0.0.31 |3.5.4 |
|
||||
|0.0.2 |1.22.0+ |1.21.0 |1.25.0 |0.0.32 |3.5.4 |
|
||||
|
||||
Other combinations might work but they have not been yet tested.
|
||||
Other combinations might work but they have not been yet tested.
|
||||
11
docs/content/use-cases.md
Normal file
11
docs/content/use-cases.md
Normal file
@@ -0,0 +1,11 @@
|
||||
# Use Cases
|
||||
Kamaji project has been initially started as a solution for actual and common problems such as minimizing the Total Cost of Ownership while running Kubernetes at large scale. However, it can open a wider range of use cases.
|
||||
|
||||
Here are a few:
|
||||
|
||||
- **Managed Kubernetes:** enable companies to provide Cloud Native Infrastructure with ease by introducing a strong separation of concerns between management and workloads. Centralize clusters management, monitoring, and observability by leaving developers to focus on applications, increase productivity and reduce operational costs.
|
||||
- **Kubernetes as a Service:** provide Kubernetes clusters in a self-service fashion by running management and workloads on different infrastructures with the option of Bring Your Own Device, BYOD.
|
||||
- **Control Plane as a Service:** provide multiple Kubernetes control planes running on top of a single Kubernetes cluster. Tenants who use namespaces based isolation often still need access to cluster wide resources like Cluster Roles, Admission Webhooks, or Custom Resource Definitions.
|
||||
- **Edge Computing:** distribute Kubernetes workloads across edge computing locations without having to manage multiple clusters across various providers. Centralize management of hundreds of control planes while leaving workloads to run isolated on their own dedicated infrastructure.
|
||||
- **Cluster Simulation:** check new Kubernetes API or experimental flag or a new tool without impacting production operations. Kamaji will let you simulate such things in a safe and controlled environment.
|
||||
- **Workloads Testing:** check the behaviour of your workloads on different and multiple versions of Kubernetes with ease by deploying multiple Control Planes in a single cluster.
|
||||
@@ -1,9 +0,0 @@
|
||||
# Set up Konnectivity service
|
||||
|
||||
In addition to the standard control plane containers, Kamaji creates an instance of [konnectivity-server](https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/) running as sidecar container in the `tcp` pod and exposed on port `8132` of the `tcp` service.
|
||||
|
||||
This is required when the tenant worker nodes are not reachable from the `tcp` pods. The Konnectivity service consists of two parts: the Konnectivity server in the tenant control plane pod and the Konnectivity agents running on the tenant worker nodes.
|
||||
|
||||
After worker nodes joined the tenant control plane, the Konnectivity agents initiate connections to the Konnectivity server and maintain the network connections. After enabling the Konnectivity service, all control plane to worker nodes traffic goes through these connections.
|
||||
|
||||
> In Kamaji, Konnectivity is enabled by default and can be disabled when not required.
|
||||
61
docs/mkdocs.yml
Normal file
61
docs/mkdocs.yml
Normal file
@@ -0,0 +1,61 @@
|
||||
site_name: Kamaji
|
||||
repo_name: clastix/kamaji
|
||||
repo_url: https://github.com/clastix/kamaji
|
||||
site_url: https://kamaji.clastix.io/
|
||||
docs_dir: content
|
||||
site_dir: site
|
||||
|
||||
theme:
|
||||
name: material
|
||||
features:
|
||||
- navigation.tabs
|
||||
- navigation.tabs.sticky
|
||||
- navigation.instant
|
||||
- navigation.sections
|
||||
include_sidebar: true
|
||||
palette:
|
||||
|
||||
# Palette toggle for automatic mode
|
||||
- media: "(prefers-color-scheme)"
|
||||
toggle:
|
||||
icon: material/brightness-auto
|
||||
name: Switch to light mode
|
||||
|
||||
# Palette toggle for light mode
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
toggle:
|
||||
icon: material/lightbulb
|
||||
name: Switch to dark mode
|
||||
|
||||
# Palette toggle for dark mode
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
toggle:
|
||||
icon: material/lightbulb-outline
|
||||
name: Switch to system preference
|
||||
|
||||
# Generate navigation bar
|
||||
nav:
|
||||
- 'Kamaji': index.md
|
||||
- 'Getting started': getting-started.md
|
||||
- 'Concepts': concepts.md
|
||||
- 'Guides':
|
||||
- guides/index.md
|
||||
- guides/kamaji-deployment-guide.md
|
||||
- guides/kamaji-azure-deployment-guide.md
|
||||
- guides/postgresql-datastore.md
|
||||
- guides/mysql-datastore.md
|
||||
- guides/upgrade.md
|
||||
- 'Use Cases': use-cases.md
|
||||
- 'Reference':
|
||||
- reference/index.md
|
||||
- reference/configuration.md
|
||||
- reference/conformance.md
|
||||
- reference/versioning.md
|
||||
- reference/api.md
|
||||
- 'Contribute':
|
||||
- contribute/index.md
|
||||
- contribute/guidelines.md
|
||||
- contribute/governance.md
|
||||
|
||||
2
docs/requirements.txt
Normal file
2
docs/requirements.txt
Normal file
@@ -0,0 +1,2 @@
|
||||
mkdocs>=1.3.0
|
||||
mkdocs-material>=8.2.8
|
||||
1
docs/runtime.txt
Normal file
1
docs/runtime.txt
Normal file
@@ -0,0 +1 @@
|
||||
3.8
|
||||
@@ -1 +0,0 @@
|
||||
# Tenant Cluster Upgrade
|
||||
@@ -818,3 +818,15 @@ func (d *Deployment) ResetKubeAPIServerFlags(resource *appsv1.Deployment, tcp *k
|
||||
|
||||
resource.GetAnnotations()[apiServerFlagsAnnotation] = fmt.Sprintf("%d", len(tcp.Spec.ControlPlane.Deployment.ExtraArgs.APIServer))
|
||||
}
|
||||
|
||||
func (d *Deployment) SetNodeSelector(spec *corev1.PodSpec, tcp *kamajiv1alpha1.TenantControlPlane) {
|
||||
spec.NodeSelector = tcp.Spec.ControlPlane.Deployment.NodeSelector
|
||||
}
|
||||
|
||||
func (d *Deployment) SetToleration(spec *corev1.PodSpec, tcp *kamajiv1alpha1.TenantControlPlane) {
|
||||
spec.Tolerations = tcp.Spec.ControlPlane.Deployment.Tolerations
|
||||
}
|
||||
|
||||
func (d *Deployment) SetAffinity(spec *corev1.PodSpec, tcp *kamajiv1alpha1.TenantControlPlane) {
|
||||
spec.Affinity = tcp.Spec.ControlPlane.Deployment.Affinity
|
||||
}
|
||||
|
||||
@@ -79,6 +79,9 @@ func (r *KubernetesDeploymentResource) mutate(ctx context.Context, tenantControl
|
||||
d.SetLabels(r.resource, utilities.MergeMaps(utilities.CommonLabels(tenantControlPlane.GetName()), tenantControlPlane.Spec.ControlPlane.Deployment.AdditionalMetadata.Labels))
|
||||
d.SetAnnotations(r.resource, utilities.MergeMaps(r.resource.Annotations, tenantControlPlane.Spec.ControlPlane.Deployment.AdditionalMetadata.Annotations))
|
||||
d.SetTemplateLabels(&r.resource.Spec.Template, r.deploymentTemplateLabels(ctx, tenantControlPlane))
|
||||
d.SetNodeSelector(&r.resource.Spec.Template.Spec, tenantControlPlane)
|
||||
d.SetToleration(&r.resource.Spec.Template.Spec, tenantControlPlane)
|
||||
d.SetAffinity(&r.resource.Spec.Template.Spec, tenantControlPlane)
|
||||
d.SetStrategy(&r.resource.Spec)
|
||||
d.SetSelector(&r.resource.Spec, tenantControlPlane)
|
||||
d.SetTopologySpreadConstraints(&r.resource.Spec, tenantControlPlane.Spec.ControlPlane.Deployment.TopologySpreadConstraints)
|
||||
|
||||
Reference in New Issue
Block a user