github/kamaji
1
0
Fork 0
mirror of https://github.com/clastix/kamaji.git synced 2026-04-15 06:56:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2e235a4e323fe51a2e5ca0ed8b0965c4f71211e5
kamaji/docs/content/reference/api.md
Dario Tranchitella aed48e1bf0 docs: releasing v0.6.0 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
2024-05-19 11:59:33 +02:00

16303 lines
497 KiB
Markdown
Raw Blame History

# API Reference
Packages:
- [kamaji.clastix.io/v1alpha1](#kamajiclastixiov1alpha1)
# kamaji.clastix.io/v1alpha1
Resource Types:
- [DataStore](#datastore)
- [TenantControlPlane](#tenantcontrolplane)
## DataStore
DataStore is the Schema for the datastores API.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>kamaji.clastix.io/v1alpha1</td>
<td>true</td>
</tr>
<tr>
<td><b>kind</b></td>
<td>string</td>
<td>DataStore</td>
<td>true</td>
</tr>
<tr>
<td><b><a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#objectmeta-v1-meta">metadata</a></b></td>
<td>object</td>
<td>Refer to the Kubernetes API documentation for the fields of the `metadata` field.</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespec">spec</a></b></td>
<td>object</td>
<td>
DataStoreSpec defines the desired state of DataStore.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorestatus">status</a></b></td>
<td>object</td>
<td>
DataStoreStatus defines the observed state of DataStore.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec
DataStoreSpec defines the desired state of DataStore.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>driver</b></td>
<td>enum</td>
<td>
The driver to use to connect to the shared datastore.<br/>
<br/>
<i>Enum</i>: etcd, MySQL, PostgreSQL, NATS<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>endpoints</b></td>
<td>[]string</td>
<td>
List of the endpoints to connect to the shared datastore.
No need for protocol, just bare IP/FQDN and port.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespecbasicauth">basicAuth</a></b></td>
<td>object</td>
<td>
In case of authentication enabled for the given data store, specifies the username and password pair.
This value is optional.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfig">tlsConfig</a></b></td>
<td>object</td>
<td>
Defines the TLS/SSL configuration required to connect to the data store in a secure way.
This value is optional.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.basicAuth
In case of authentication enabled for the given data store, specifies the username and password pair.
This value is optional.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#datastorespecbasicauthpassword">password</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespecbasicauthusername">username</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### DataStore.spec.basicAuth.password
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespecbasicauthpasswordsecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.basicAuth.password.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.basicAuth.username
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespecbasicauthusernamesecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.basicAuth.username.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig
Defines the TLS/SSL configuration required to connect to the data store in a secure way.
This value is optional.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#datastorespectlsconfigcertificateauthority">certificateAuthority</a></b></td>
<td>object</td>
<td>
Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference.
The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigclientcertificate">clientCertificate</a></b></td>
<td>object</td>
<td>
Specifies the SSL/TLS key and private key pair used to connect to the data store.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.certificateAuthority
Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference.
The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#datastorespectlsconfigcertificateauthoritycertificate">certificate</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigcertificateauthorityprivatekey">privateKey</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.certificateAuthority.certificate
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigcertificateauthoritycertificatesecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.certificateAuthority.certificate.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.certificateAuthority.privateKey
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigcertificateauthorityprivatekeysecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.certificateAuthority.privateKey.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.clientCertificate
Specifies the SSL/TLS key and private key pair used to connect to the data store.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#datastorespectlsconfigclientcertificatecertificate">certificate</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigclientcertificateprivatekey">privateKey</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.clientCertificate.certificate
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigclientcertificatecertificatesecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.clientCertificate.certificate.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.clientCertificate.privateKey
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>content</b></td>
<td>string</td>
<td>
Bare content of the file, base64 encoded.
It has precedence over the SecretReference value.<br/>
<br/>
<i>Format</i>: byte<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#datastorespectlsconfigclientcertificateprivatekeysecretreference">secretReference</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.spec.tlsConfig.clientCertificate.privateKey.secretReference
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>keyPath</b></td>
<td>string</td>
<td>
Name of the key for the given Secret reference where the content is stored.
This value is mandatory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name is unique within a namespace to reference a secret resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
namespace defines the space within which the secret name must be unique.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### DataStore.status
DataStoreStatus defines the observed state of DataStore.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>usedBy</b></td>
<td>[]string</td>
<td>
List of the Tenant Control Planes, namespaced named, using this data store.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
## TenantControlPlane
TenantControlPlane is the Schema for the tenantcontrolplanes API.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>kamaji.clastix.io/v1alpha1</td>
<td>true</td>
</tr>
<tr>
<td><b>kind</b></td>
<td>string</td>
<td>TenantControlPlane</td>
<td>true</td>
</tr>
<tr>
<td><b><a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#objectmeta-v1-meta">metadata</a></b></td>
<td>object</td>
<td>Refer to the Kubernetes API documentation for the fields of the `metadata` field.</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespec">spec</a></b></td>
<td>object</td>
<td>
TenantControlPlaneSpec defines the desired state of TenantControlPlane.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatus">status</a></b></td>
<td>object</td>
<td>
TenantControlPlaneStatus defines the observed state of TenantControlPlane.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec
TenantControlPlaneSpec defines the desired state of TenantControlPlane.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplane">controlPlane</a></b></td>
<td>object</td>
<td>
ControlPlane defines how the Tenant Control Plane Kubernetes resources must be created in the Admin Cluster,
such as the number of Pod replicas, the Service resource, or the Ingress.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeckubernetes">kubernetes</a></b></td>
<td>object</td>
<td>
Kubernetes specification for tenant control plane<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddons">addons</a></b></td>
<td>object</td>
<td>
Addons contain which addons are enabled<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>dataStore</b></td>
<td>string</td>
<td>
DataStore allows to specify a DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane.
This parameter is optional and acts as an override over the default one which is used by the Kamaji Operator.
Migration from a different DataStore to another one is not yet supported and the reconciliation will be blocked.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecnetworkprofile">networkProfile</a></b></td>
<td>object</td>
<td>
NetworkProfile specifies how the network is<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane
ControlPlane defines how the Tenant Control Plane Kubernetes resources must be created in the Admin Cluster,
such as the number of Pod replicas, the Service resource, or the Ingress.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplaneservice">service</a></b></td>
<td>object</td>
<td>
Defining the options for the Tenant Control Plane Service resource.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeployment">deployment</a></b></td>
<td>object</td>
<td>
Defining the options for the deployed Tenant Control Plane as Deployment resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplaneingress">ingress</a></b></td>
<td>object</td>
<td>
Defining the options for an Optional Ingress which will expose API Server of the Tenant Control Plane<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.service
Defining the options for the Tenant Control Plane Service resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>serviceType</b></td>
<td>enum</td>
<td>
ServiceType allows specifying how to expose the Tenant Control Plane.<br/>
<br/>
<i>Enum</i>: ClusterIP, NodePort, LoadBalancer<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplaneserviceadditionalmetadata">additionalMetadata</a></b></td>
<td>object</td>
<td>
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.service.additionalMetadata
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>annotations</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>labels</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment
Defining the options for the deployed Tenant Control Plane as Deployment resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindex">additionalContainers</a></b></td>
<td>[]object</td>
<td>
AdditionalContainers allows adding additional containers to the Control Plane deployment.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindex">additionalInitContainers</a></b></td>
<td>[]object</td>
<td>
AdditionalInitContainers allows adding additional init containers to the Control Plane deployment.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalmetadata">additionalMetadata</a></b></td>
<td>object</td>
<td>
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumemounts">additionalVolumeMounts</a></b></td>
<td>object</td>
<td>
AdditionalVolumeMounts allows to mount an additional volume into each component of the Control Plane
(kube-apiserver, controller-manager, and scheduler).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindex">additionalVolumes</a></b></td>
<td>[]object</td>
<td>
AdditionalVolumes allows to add additional volumes to the Control Plane deployment.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinity">affinity</a></b></td>
<td>object</td>
<td>
If specified, the Tenant Control Plane pod's scheduling constraints.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentextraargs">extraArgs</a></b></td>
<td>object</td>
<td>
ExtraArgs allows adding additional arguments to the Control Plane components,
such as kube-apiserver, controller-manager, and scheduler. WARNING - This option
can override existing parameters and cause components to misbehave in unxpected ways.
Only modify if you know what you are doing.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>nodeSelector</b></td>
<td>map[string]string</td>
<td>
NodeSelector is a selector which must be true for the pod to fit on a node.
Selector which must match a node's labels for the pod to be scheduled on that node.
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentpodadditionalmetadata">podAdditionalMetadata</a></b></td>
<td>object</td>
<td>
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentregistrysettings">registrySettings</a></b></td>
<td>object</td>
<td>
RegistrySettings allows to override the default images for the given Tenant Control Plane instance.
It could be used to point to a different container registry rather than the public one.<br/>
<br/>
<i>Default</i>: map[apiServerImage:kube-apiserver controllerManagerImage:kube-controller-manager registry:registry.k8s.io schedulerImage:kube-scheduler]<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>replicas</b></td>
<td>integer</td>
<td>
<br/>
<br/>
<i>Format</i>: int32<br/>
<i>Default</i>: 2<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresources">resources</a></b></td>
<td>object</td>
<td>
Resources defines the amount of memory and CPU to allocate to each component of the Control Plane
(kube-apiserver, controller-manager, and scheduler).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runtimeClassName</b></td>
<td>string</td>
<td>
RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
to run the Tenant Control Plane pod. If no RuntimeClass resource matches the named class, the pod will not be run.
If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
empty definition that uses the default runtime handler.
More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>serviceAccountName</b></td>
<td>string</td>
<td>
ServiceAccountName allows to specify the service account to be mounted to the pods of the Control plane deployment<br/>
<br/>
<i>Default</i>: default<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentstrategy">strategy</a></b></td>
<td>object</td>
<td>
Strategy describes how to replace existing pods with new ones for the given Tenant Control Plane.
Default value is set to Rolling Update, with a blue/green strategy.<br/>
<br/>
<i>Default</i>: map[rollingUpdate:map[maxSurge:100% maxUnavailable:0] type:RollingUpdate]<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymenttolerationsindex">tolerations</a></b></td>
<td>[]object</td>
<td>
If specified, the Tenant Control Plane pod's tolerations.
More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymenttopologyspreadconstraintsindex">topologySpreadConstraints</a></b></td>
<td>[]object</td>
<td>
TopologySpreadConstraints describes how the Tenant Control Plane pods ought to spread across topology
domains. Scheduler will schedule pods in a way which abides by the constraints.
In case of nil underlying LabelSelector, the Kamaji one for the given Tenant Control Plane will be used.
All topologySpreadConstraints are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index]
A single application container that you want to run within a pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>args</b></td>
<td>[]string</td>
<td>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindex">env</a></b></td>
<td>[]object</td>
<td>
List of environment variables to set in the container.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvfromindex">envFrom</a></b></td>
<td>[]object</td>
<td>
List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imagePullPolicy</b></td>
<td>string</td>
<td>
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycle">lifecycle</a></b></td>
<td>object</td>
<td>
Actions that the management system should take in response to container lifecycle events.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobe">livenessProbe</a></b></td>
<td>object</td>
<td>
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexportsindex">ports</a></b></td>
<td>[]object</td>
<td>
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobe">readinessProbe</a></b></td>
<td>object</td>
<td>
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexresizepolicyindex">resizePolicy</a></b></td>
<td>[]object</td>
<td>
Resources resize policy for the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexresources">resources</a></b></td>
<td>object</td>
<td>
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>restartPolicy</b></td>
<td>string</td>
<td>
RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always".
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect:
this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always"
will be shut down. This lifecycle differs from normal init containers and
is often referred to as a "sidecar" container. Although this init
container still starts in the init container sequence, it does not wait
for the container to complete before proceeding to the next init
container. Instead, the next init container starts immediately after this
init container is started, or after any startupProbe has successfully
completed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontext">securityContext</a></b></td>
<td>object</td>
<td>
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobe">startupProbe</a></b></td>
<td>object</td>
<td>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>stdin</b></td>
<td>boolean</td>
<td>
Whether this container should allocate a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will always result in EOF.
Default is false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>stdinOnce</b></td>
<td>boolean</td>
<td>
Whether the container runtime should close the stdin channel after it has been opened by
a single attach. When stdin is true the stdin stream will remain open across multiple attach
sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
first client attaches to stdin, and then remains open and accepts data until the client disconnects,
at which time stdin is closed and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin will never receive an EOF.
Default is false<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationMessagePath</b></td>
<td>string</td>
<td>
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationMessagePolicy</b></td>
<td>string</td>
<td>
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tty</b></td>
<td>boolean</td>
<td>
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
Default is false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexvolumedevicesindex">volumeDevices</a></b></td>
<td>[]object</td>
<td>
volumeDevices is the list of block devices to be used by the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexvolumemountsindex">volumeMounts</a></b></td>
<td>[]object</td>
<td>
Pod volumes to mount into the container's filesystem.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>workingDir</b></td>
<td>string</td>
<td>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index]
EnvVar represents an environment variable present in a Container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the environment variable. Must be a C_IDENTIFIER.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindexvaluefrom">valueFrom</a></b></td>
<td>object</td>
<td>
Source for the environment variable's value. Cannot be used if value is not empty.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index].valueFrom
Source for the environment variable's value. Cannot be used if value is not empty.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindexvaluefromconfigmapkeyref">configMapKeyRef</a></b></td>
<td>object</td>
<td>
Selects a key of a ConfigMap.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindexvaluefromfieldref">fieldRef</a></b></td>
<td>object</td>
<td>
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindexvaluefromresourcefieldref">resourceFieldRef</a></b></td>
<td>object</td>
<td>
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvindexvaluefromsecretkeyref">secretKeyRef</a></b></td>
<td>object</td>
<td>
Selects a key of a secret in the pod's namespace<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index].valueFrom.configMapKeyRef
Selects a key of a ConfigMap.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key to select.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the ConfigMap or its key must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index].valueFrom.fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fieldPath</b></td>
<td>string</td>
<td>
Path of the field to select in the specified API version.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>
Version of the schema the FieldPath is written in terms of, defaults to "v1".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index].valueFrom.resourceFieldRef
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resource</b></td>
<td>string</td>
<td>
Required: resource to select<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>containerName</b></td>
<td>string</td>
<td>
Container name: required for volumes, optional for env vars<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>divisor</b></td>
<td>int or string</td>
<td>
Specifies the output format of the exposed resources, defaults to "1"<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].env[index].valueFrom.secretKeyRef
Selects a key of a secret in the pod's namespace
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key of the secret to select from. Must be a valid secret key.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the Secret or its key must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].envFrom[index]
EnvFromSource represents the source of a set of ConfigMaps
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvfromindexconfigmapref">configMapRef</a></b></td>
<td>object</td>
<td>
The ConfigMap to select from<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>prefix</b></td>
<td>string</td>
<td>
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexenvfromindexsecretref">secretRef</a></b></td>
<td>object</td>
<td>
The Secret to select from<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].envFrom[index].configMapRef
The ConfigMap to select from
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the ConfigMap must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].envFrom[index].secretRef
The Secret to select from
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the Secret must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle
Actions that the management system should take in response to container lifecycle events.
Cannot be updated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststart">postStart</a></b></td>
<td>object</td>
<td>
PostStart is called immediately after a container is created. If the handler fails,
the container is terminated and restarted according to its restart policy.
Other management of the container blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestop">preStop</a></b></td>
<td>object</td>
<td>
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown begins before the
PreStop hook is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart
PostStart is called immediately after a container is created. If the handler fails,
the container is terminated and restarted according to its restart policy.
Other management of the container blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststartexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststarthttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststartsleep">sleep</a></b></td>
<td>object</td>
<td>
Sleep represents the duration that the container should sleep before being terminated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststarttcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecyclepoststarthttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart.sleep
Sleep represents the duration that the container should sleep before being terminated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>seconds</b></td>
<td>integer</td>
<td>
Seconds is the number of seconds to sleep.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.postStart.tcpSocket
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown begins before the
PreStop hook is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestopexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestophttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestopsleep">sleep</a></b></td>
<td>object</td>
<td>
Sleep represents the duration that the container should sleep before being terminated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestoptcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlifecycleprestophttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop.sleep
Sleep represents the duration that the container should sleep before being terminated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>seconds</b></td>
<td>integer</td>
<td>
Seconds is the number of seconds to sleep.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].lifecycle.preStop.tcpSocket
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexlivenessprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].livenessProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].ports[index]
ContainerPort represents a network port in a single container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>containerPort</b></td>
<td>integer</td>
<td>
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>hostIP</b></td>
<td>string</td>
<td>
What host IP to bind the external port to.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>hostPort</b></td>
<td>integer</td>
<td>
Number of port to expose on the host.
If specified, this must be a valid port number, 0 < x < 65536.
If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>protocol</b></td>
<td>string</td>
<td>
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".<br/>
<br/>
<i>Default</i>: TCP<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexreadinessprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].readinessProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].resizePolicy[index]
ContainerResizePolicy represents resource resize policy for the container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resourceName</b></td>
<td>string</td>
<td>
Name of the resource to which this resource resize policy applies.
Supported values: cpu, memory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>restartPolicy</b></td>
<td>string</td>
<td>
Restart policy to apply when specified resource is resized.
If not specified, it defaults to NotRequired.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].resources
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexresourcesclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].resources.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>allowPrivilegeEscalation</b></td>
<td>boolean</td>
<td>
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontextapparmorprofile">appArmorProfile</a></b></td>
<td>object</td>
<td>
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontextcapabilities">capabilities</a></b></td>
<td>object</td>
<td>
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>privileged</b></td>
<td>boolean</td>
<td>
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>procMount</b></td>
<td>string</td>
<td>
procMount denotes the type of proc mount to use for the containers.
The default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnlyRootFilesystem</b></td>
<td>boolean</td>
<td>
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsGroup</b></td>
<td>integer</td>
<td>
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsNonRoot</b></td>
<td>boolean</td>
<td>
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsUser</b></td>
<td>integer</td>
<td>
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontextselinuxoptions">seLinuxOptions</a></b></td>
<td>object</td>
<td>
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontextseccompprofile">seccompProfile</a></b></td>
<td>object</td>
<td>
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexsecuritycontextwindowsoptions">windowsOptions</a></b></td>
<td>object</td>
<td>
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext.appArmorProfile
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>localhostProfile</b></td>
<td>string</td>
<td>
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext.capabilities
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>add</b></td>
<td>[]string</td>
<td>
Added capabilities<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>drop</b></td>
<td>[]string</td>
<td>
Removed capabilities<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext.seLinuxOptions
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>level</b></td>
<td>string</td>
<td>
Level is SELinux level label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>role</b></td>
<td>string</td>
<td>
Role is a SELinux role label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
Type is a SELinux type label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
User is a SELinux user label that applies to the container.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext.seccompProfile
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>localhostProfile</b></td>
<td>string</td>
<td>
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].securityContext.windowsOptions
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>gmsaCredentialSpec</b></td>
<td>string</td>
<td>
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>gmsaCredentialSpecName</b></td>
<td>string</td>
<td>
GMSACredentialSpecName is the name of the GMSA credential spec to use.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>hostProcess</b></td>
<td>boolean</td>
<td>
HostProcess determines if a container should be run as a 'Host Process' container.
All of a Pod's containers must have the same effective HostProcess value
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork must also be set to true.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsUserName</b></td>
<td>string</td>
<td>
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalcontainersindexstartupprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].startupProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].volumeDevices[index]
volumeDevice describes a mapping of a raw block device within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>devicePath</b></td>
<td>string</td>
<td>
devicePath is the path inside of the container that the device will be mapped to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name must match the name of a persistentVolumeClaim in the pod<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalContainers[index].volumeMounts[index]
VolumeMount describes a mounting of a Volume within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>mountPath</b></td>
<td>string</td>
<td>
Path within the container at which the volume should be mounted. Must
not contain ':'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
This must match the Name of a Volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mountPropagation</b></td>
<td>string</td>
<td>
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>recursiveReadOnly</b></td>
<td>string</td>
<td>
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPath</b></td>
<td>string</td>
<td>
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPathExpr</b></td>
<td>string</td>
<td>
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index]
A single application container that you want to run within a pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>args</b></td>
<td>[]string</td>
<td>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindex">env</a></b></td>
<td>[]object</td>
<td>
List of environment variables to set in the container.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvfromindex">envFrom</a></b></td>
<td>[]object</td>
<td>
List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imagePullPolicy</b></td>
<td>string</td>
<td>
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycle">lifecycle</a></b></td>
<td>object</td>
<td>
Actions that the management system should take in response to container lifecycle events.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobe">livenessProbe</a></b></td>
<td>object</td>
<td>
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexportsindex">ports</a></b></td>
<td>[]object</td>
<td>
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobe">readinessProbe</a></b></td>
<td>object</td>
<td>
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexresizepolicyindex">resizePolicy</a></b></td>
<td>[]object</td>
<td>
Resources resize policy for the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexresources">resources</a></b></td>
<td>object</td>
<td>
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>restartPolicy</b></td>
<td>string</td>
<td>
RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always".
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect:
this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always"
will be shut down. This lifecycle differs from normal init containers and
is often referred to as a "sidecar" container. Although this init
container still starts in the init container sequence, it does not wait
for the container to complete before proceeding to the next init
container. Instead, the next init container starts immediately after this
init container is started, or after any startupProbe has successfully
completed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontext">securityContext</a></b></td>
<td>object</td>
<td>
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobe">startupProbe</a></b></td>
<td>object</td>
<td>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>stdin</b></td>
<td>boolean</td>
<td>
Whether this container should allocate a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will always result in EOF.
Default is false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>stdinOnce</b></td>
<td>boolean</td>
<td>
Whether the container runtime should close the stdin channel after it has been opened by
a single attach. When stdin is true the stdin stream will remain open across multiple attach
sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
first client attaches to stdin, and then remains open and accepts data until the client disconnects,
at which time stdin is closed and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin will never receive an EOF.
Default is false<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationMessagePath</b></td>
<td>string</td>
<td>
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationMessagePolicy</b></td>
<td>string</td>
<td>
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tty</b></td>
<td>boolean</td>
<td>
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
Default is false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexvolumedevicesindex">volumeDevices</a></b></td>
<td>[]object</td>
<td>
volumeDevices is the list of block devices to be used by the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexvolumemountsindex">volumeMounts</a></b></td>
<td>[]object</td>
<td>
Pod volumes to mount into the container's filesystem.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>workingDir</b></td>
<td>string</td>
<td>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index]
EnvVar represents an environment variable present in a Container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the environment variable. Must be a C_IDENTIFIER.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindexvaluefrom">valueFrom</a></b></td>
<td>object</td>
<td>
Source for the environment variable's value. Cannot be used if value is not empty.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index].valueFrom
Source for the environment variable's value. Cannot be used if value is not empty.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindexvaluefromconfigmapkeyref">configMapKeyRef</a></b></td>
<td>object</td>
<td>
Selects a key of a ConfigMap.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindexvaluefromfieldref">fieldRef</a></b></td>
<td>object</td>
<td>
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindexvaluefromresourcefieldref">resourceFieldRef</a></b></td>
<td>object</td>
<td>
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvindexvaluefromsecretkeyref">secretKeyRef</a></b></td>
<td>object</td>
<td>
Selects a key of a secret in the pod's namespace<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index].valueFrom.configMapKeyRef
Selects a key of a ConfigMap.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key to select.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the ConfigMap or its key must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index].valueFrom.fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fieldPath</b></td>
<td>string</td>
<td>
Path of the field to select in the specified API version.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>
Version of the schema the FieldPath is written in terms of, defaults to "v1".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index].valueFrom.resourceFieldRef
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resource</b></td>
<td>string</td>
<td>
Required: resource to select<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>containerName</b></td>
<td>string</td>
<td>
Container name: required for volumes, optional for env vars<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>divisor</b></td>
<td>int or string</td>
<td>
Specifies the output format of the exposed resources, defaults to "1"<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].env[index].valueFrom.secretKeyRef
Selects a key of a secret in the pod's namespace
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key of the secret to select from. Must be a valid secret key.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the Secret or its key must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].envFrom[index]
EnvFromSource represents the source of a set of ConfigMaps
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvfromindexconfigmapref">configMapRef</a></b></td>
<td>object</td>
<td>
The ConfigMap to select from<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>prefix</b></td>
<td>string</td>
<td>
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexenvfromindexsecretref">secretRef</a></b></td>
<td>object</td>
<td>
The Secret to select from<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].envFrom[index].configMapRef
The ConfigMap to select from
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the ConfigMap must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].envFrom[index].secretRef
The Secret to select from
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
Specify whether the Secret must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle
Actions that the management system should take in response to container lifecycle events.
Cannot be updated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststart">postStart</a></b></td>
<td>object</td>
<td>
PostStart is called immediately after a container is created. If the handler fails,
the container is terminated and restarted according to its restart policy.
Other management of the container blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestop">preStop</a></b></td>
<td>object</td>
<td>
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown begins before the
PreStop hook is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart
PostStart is called immediately after a container is created. If the handler fails,
the container is terminated and restarted according to its restart policy.
Other management of the container blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststartexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststarthttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststartsleep">sleep</a></b></td>
<td>object</td>
<td>
Sleep represents the duration that the container should sleep before being terminated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststarttcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecyclepoststarthttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart.sleep
Sleep represents the duration that the container should sleep before being terminated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>seconds</b></td>
<td>integer</td>
<td>
Seconds is the number of seconds to sleep.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.postStart.tcpSocket
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown begins before the
PreStop hook is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestopexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestophttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestopsleep">sleep</a></b></td>
<td>object</td>
<td>
Sleep represents the duration that the container should sleep before being terminated.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestoptcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlifecycleprestophttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop.sleep
Sleep represents the duration that the container should sleep before being terminated.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>seconds</b></td>
<td>integer</td>
<td>
Seconds is the number of seconds to sleep.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].lifecycle.preStop.tcpSocket
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for the backward compatibility. There are no validation of this field and
lifecycle hooks will fail in runtime when tcp handler is specified.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexlivenessprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].livenessProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].ports[index]
ContainerPort represents a network port in a single container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>containerPort</b></td>
<td>integer</td>
<td>
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>hostIP</b></td>
<td>string</td>
<td>
What host IP to bind the external port to.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>hostPort</b></td>
<td>integer</td>
<td>
Number of port to expose on the host.
If specified, this must be a valid port number, 0 < x < 65536.
If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>protocol</b></td>
<td>string</td>
<td>
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".<br/>
<br/>
<i>Default</i>: TCP<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexreadinessprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].readinessProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].resizePolicy[index]
ContainerResizePolicy represents resource resize policy for the container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resourceName</b></td>
<td>string</td>
<td>
Name of the resource to which this resource resize policy applies.
Supported values: cpu, memory.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>restartPolicy</b></td>
<td>string</td>
<td>
Restart policy to apply when specified resource is resized.
If not specified, it defaults to NotRequired.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].resources
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexresourcesclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].resources.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>allowPrivilegeEscalation</b></td>
<td>boolean</td>
<td>
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontextapparmorprofile">appArmorProfile</a></b></td>
<td>object</td>
<td>
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontextcapabilities">capabilities</a></b></td>
<td>object</td>
<td>
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>privileged</b></td>
<td>boolean</td>
<td>
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>procMount</b></td>
<td>string</td>
<td>
procMount denotes the type of proc mount to use for the containers.
The default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnlyRootFilesystem</b></td>
<td>boolean</td>
<td>
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsGroup</b></td>
<td>integer</td>
<td>
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsNonRoot</b></td>
<td>boolean</td>
<td>
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsUser</b></td>
<td>integer</td>
<td>
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontextselinuxoptions">seLinuxOptions</a></b></td>
<td>object</td>
<td>
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontextseccompprofile">seccompProfile</a></b></td>
<td>object</td>
<td>
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexsecuritycontextwindowsoptions">windowsOptions</a></b></td>
<td>object</td>
<td>
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext.appArmorProfile
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>localhostProfile</b></td>
<td>string</td>
<td>
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext.capabilities
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>add</b></td>
<td>[]string</td>
<td>
Added capabilities<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>drop</b></td>
<td>[]string</td>
<td>
Removed capabilities<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext.seLinuxOptions
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>level</b></td>
<td>string</td>
<td>
Level is SELinux level label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>role</b></td>
<td>string</td>
<td>
Role is a SELinux role label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
Type is a SELinux type label that applies to the container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
User is a SELinux user label that applies to the container.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext.seccompProfile
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>localhostProfile</b></td>
<td>string</td>
<td>
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].securityContext.windowsOptions
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>gmsaCredentialSpec</b></td>
<td>string</td>
<td>
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>gmsaCredentialSpecName</b></td>
<td>string</td>
<td>
GMSACredentialSpecName is the name of the GMSA credential spec to use.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>hostProcess</b></td>
<td>boolean</td>
<td>
HostProcess determines if a container should be run as a 'Host Process' container.
All of a Pod's containers must have the same effective HostProcess value
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork must also be set to true.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>runAsUserName</b></td>
<td>string</td>
<td>
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobeexec">exec</a></b></td>
<td>object</td>
<td>
Exec specifies the action to take.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>failureThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobegrpc">grpc</a></b></td>
<td>object</td>
<td>
GRPC specifies an action involving a GRPC port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobehttpget">httpGet</a></b></td>
<td>object</td>
<td>
HTTPGet specifies the http request to perform.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initialDelaySeconds</b></td>
<td>integer</td>
<td>
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>periodSeconds</b></td>
<td>integer</td>
<td>
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>successThreshold</b></td>
<td>integer</td>
<td>
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobetcpsocket">tcpSocket</a></b></td>
<td>object</td>
<td>
TCPSocket specifies an action involving a TCP port.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>terminationGracePeriodSeconds</b></td>
<td>integer</td>
<td>
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>timeoutSeconds</b></td>
<td>integer</td>
<td>
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe.exec
Exec specifies the action to take.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>command</b></td>
<td>[]string</td>
<td>
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe.grpc
GRPC specifies an action involving a GRPC port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port number of the gRPC service. Number must be in the range 1 to 65535.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>service</b></td>
<td>string</td>
<td>
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe.httpGet
HTTPGet specifies the http request to perform.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalinitcontainersindexstartupprobehttpgethttpheadersindex">httpHeaders</a></b></td>
<td>[]object</td>
<td>
Custom headers to set in the request. HTTP allows repeated headers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Path to access on the HTTP server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheme</b></td>
<td>string</td>
<td>
Scheme to use for connecting to the host.
Defaults to HTTP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe.httpGet.httpHeaders[index]
HTTPHeader describes a custom header to be used in HTTP probes
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
The header field value<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].startupProbe.tcpSocket
TCPSocket specifies an action involving a TCP port.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>int or string</td>
<td>
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>host</b></td>
<td>string</td>
<td>
Optional: Host name to connect to, defaults to the pod IP.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].volumeDevices[index]
volumeDevice describes a mapping of a raw block device within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>devicePath</b></td>
<td>string</td>
<td>
devicePath is the path inside of the container that the device will be mapped to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name must match the name of a persistentVolumeClaim in the pod<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalInitContainers[index].volumeMounts[index]
VolumeMount describes a mounting of a Volume within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>mountPath</b></td>
<td>string</td>
<td>
Path within the container at which the volume should be mounted. Must
not contain ':'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
This must match the Name of a Volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mountPropagation</b></td>
<td>string</td>
<td>
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>recursiveReadOnly</b></td>
<td>string</td>
<td>
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPath</b></td>
<td>string</td>
<td>
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPathExpr</b></td>
<td>string</td>
<td>
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalMetadata
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>annotations</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>labels</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumeMounts
AdditionalVolumeMounts allows to mount an additional volume into each component of the Control Plane
(kube-apiserver, controller-manager, and scheduler).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumemountsapiserverindex">apiServer</a></b></td>
<td>[]object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumemountscontrollermanagerindex">controllerManager</a></b></td>
<td>[]object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumemountsschedulerindex">scheduler</a></b></td>
<td>[]object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumeMounts.apiServer[index]
VolumeMount describes a mounting of a Volume within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>mountPath</b></td>
<td>string</td>
<td>
Path within the container at which the volume should be mounted. Must
not contain ':'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
This must match the Name of a Volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mountPropagation</b></td>
<td>string</td>
<td>
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>recursiveReadOnly</b></td>
<td>string</td>
<td>
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPath</b></td>
<td>string</td>
<td>
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPathExpr</b></td>
<td>string</td>
<td>
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumeMounts.controllerManager[index]
VolumeMount describes a mounting of a Volume within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>mountPath</b></td>
<td>string</td>
<td>
Path within the container at which the volume should be mounted. Must
not contain ':'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
This must match the Name of a Volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mountPropagation</b></td>
<td>string</td>
<td>
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>recursiveReadOnly</b></td>
<td>string</td>
<td>
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPath</b></td>
<td>string</td>
<td>
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPathExpr</b></td>
<td>string</td>
<td>
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumeMounts.scheduler[index]
VolumeMount describes a mounting of a Volume within a container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>mountPath</b></td>
<td>string</td>
<td>
Path within the container at which the volume should be mounted. Must
not contain ':'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
This must match the Name of a Volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mountPropagation</b></td>
<td>string</td>
<td>
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>recursiveReadOnly</b></td>
<td>string</td>
<td>
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPath</b></td>
<td>string</td>
<td>
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>subPathExpr</b></td>
<td>string</td>
<td>
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index]
Volume represents a named volume in a pod that may be accessed by any container in the pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
name of the volume.
Must be a DNS_LABEL and unique within the pod.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexawselasticblockstore">awsElasticBlockStore</a></b></td>
<td>object</td>
<td>
awsElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexazuredisk">azureDisk</a></b></td>
<td>object</td>
<td>
azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexazurefile">azureFile</a></b></td>
<td>object</td>
<td>
azureFile represents an Azure File Service mount on the host and bind mount to the pod.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcephfs">cephfs</a></b></td>
<td>object</td>
<td>
cephFS represents a Ceph FS mount on the host that shares a pod's lifetime<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcinder">cinder</a></b></td>
<td>object</td>
<td>
cinder represents a cinder volume attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexconfigmap">configMap</a></b></td>
<td>object</td>
<td>
configMap represents a configMap that should populate this volume<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcsi">csi</a></b></td>
<td>object</td>
<td>
csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexdownwardapi">downwardAPI</a></b></td>
<td>object</td>
<td>
downwardAPI represents downward API about the pod that should populate this volume<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexemptydir">emptyDir</a></b></td>
<td>object</td>
<td>
emptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeral">ephemeral</a></b></td>
<td>object</td>
<td>
ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
and deleted when the pod is removed.
Use this if:
a) the volume is only needed while the pod runs,
b) features of normal volumes like restoring from snapshot or capacity
tracking are needed,
c) the storage driver is specified through a storage class, and
d) the storage driver supports dynamic volume provisioning through
a PersistentVolumeClaim (see EphemeralVolumeSource for more
information on the connection between this volume type
and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the lifecycle
of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
be used that way - see the documentation of the driver for
more information.
A pod can use both types of ephemeral volumes and
persistent volumes at the same time.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexfc">fc</a></b></td>
<td>object</td>
<td>
fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexflexvolume">flexVolume</a></b></td>
<td>object</td>
<td>
flexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexflocker">flocker</a></b></td>
<td>object</td>
<td>
flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexgcepersistentdisk">gcePersistentDisk</a></b></td>
<td>object</td>
<td>
gcePersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexgitrepo">gitRepo</a></b></td>
<td>object</td>
<td>
gitRepo represents a git repository at a particular revision.
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
into the Pod's container.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexglusterfs">glusterfs</a></b></td>
<td>object</td>
<td>
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
More info: https://examples.k8s.io/volumes/glusterfs/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexhostpath">hostPath</a></b></td>
<td>object</td>
<td>
hostPath represents a pre-existing file or directory on the host
machine that is directly exposed to the container. This is generally
used for system agents or other privileged things that are allowed
to see the host machine. Most containers will NOT need this.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
---
TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
mount host directories as read/write.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexiscsi">iscsi</a></b></td>
<td>object</td>
<td>
iscsi represents an ISCSI Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://examples.k8s.io/volumes/iscsi/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexnfs">nfs</a></b></td>
<td>object</td>
<td>
nfs represents an NFS mount on the host that shares a pod's lifetime
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexpersistentvolumeclaim">persistentVolumeClaim</a></b></td>
<td>object</td>
<td>
persistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexphotonpersistentdisk">photonPersistentDisk</a></b></td>
<td>object</td>
<td>
photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexportworxvolume">portworxVolume</a></b></td>
<td>object</td>
<td>
portworxVolume represents a portworx volume attached and mounted on kubelets host machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojected">projected</a></b></td>
<td>object</td>
<td>
projected items for all in one resources secrets, configmaps, and downward API<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexquobyte">quobyte</a></b></td>
<td>object</td>
<td>
quobyte represents a Quobyte mount on the host that shares a pod's lifetime<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexrbd">rbd</a></b></td>
<td>object</td>
<td>
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexscaleio">scaleIO</a></b></td>
<td>object</td>
<td>
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexsecret">secret</a></b></td>
<td>object</td>
<td>
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexstorageos">storageos</a></b></td>
<td>object</td>
<td>
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexvspherevolume">vsphereVolume</a></b></td>
<td>object</td>
<td>
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].awsElasticBlockStore
awsElasticBlockStore represents an AWS Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>volumeID</b></td>
<td>string</td>
<td>
volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type of the volume that you want to mount.
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from compromising the machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>partition</b></td>
<td>integer</td>
<td>
partition is the partition in the volume that you want to mount.
If omitted, the default is to mount by volume name.
Examples: For volume /dev/sda1, you specify the partition as "1".
Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly value true will force the readOnly setting in VolumeMounts.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].azureDisk
azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>diskName</b></td>
<td>string</td>
<td>
diskName is the Name of the data disk in the blob storage<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>diskURI</b></td>
<td>string</td>
<td>
diskURI is the URI of data disk in the blob storage<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>cachingMode</b></td>
<td>string</td>
<td>
cachingMode is the Host Caching mode: None, Read Only, Read Write.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is Filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>kind</b></td>
<td>string</td>
<td>
kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].azureFile
azureFile represents an Azure File Service mount on the host and bind mount to the pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
secretName is the name of secret that contains Azure Storage Account Name and Key<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>shareName</b></td>
<td>string</td>
<td>
shareName is the azure share Name<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].cephfs
cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>monitors</b></td>
<td>[]string</td>
<td>
monitors is Required: Monitors is a collection of Ceph monitors
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretFile</b></td>
<td>string</td>
<td>
secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcephfssecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
user is optional: User is the rados user name, default is admin
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].cephfs.secretRef
secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].cinder
cinder represents a cinder volume attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>volumeID</b></td>
<td>string</td>
<td>
volumeID used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcindersecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef is optional: points to a secret object containing parameters used to connect
to OpenStack.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].cinder.secretRef
secretRef is optional: points to a secret object containing parameters used to connect
to OpenStack.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].configMap
configMap represents a configMap that should populate this volume
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>defaultMode</b></td>
<td>integer</td>
<td>
defaultMode is optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexconfigmapitemsindex">items</a></b></td>
<td>[]object</td>
<td>
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
optional specify whether the ConfigMap or its keys must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].configMap.items[index]
Maps a string key to a path within a volume.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the key to project.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].csi
csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>driver</b></td>
<td>string</td>
<td>
driver is the name of the CSI driver that handles this volume.
Consult with your admin for the correct name as registered in the cluster.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType to mount. Ex. "ext4", "xfs", "ntfs".
If not provided, the empty value is passed to the associated CSI driver
which will determine the default filesystem to apply.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexcsinodepublishsecretref">nodePublishSecretRef</a></b></td>
<td>object</td>
<td>
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly specifies a read-only configuration for the volume.
Defaults to false (read/write).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeAttributes</b></td>
<td>map[string]string</td>
<td>
volumeAttributes stores driver-specific properties that are passed to the CSI
driver. Consult your driver's documentation for supported values.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].csi.nodePublishSecretRef
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].downwardAPI
downwardAPI represents downward API about the pod that should populate this volume
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>defaultMode</b></td>
<td>integer</td>
<td>
Optional: mode bits to use on created files by default. Must be a
Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexdownwardapiitemsindex">items</a></b></td>
<td>[]object</td>
<td>
Items is a list of downward API volume file<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].downwardAPI.items[index]
DownwardAPIVolumeFile represents information to create the file containing the pod field
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexdownwardapiitemsindexfieldref">fieldRef</a></b></td>
<td>object</td>
<td>
Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
Optional: mode bits used to set permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexdownwardapiitemsindexresourcefieldref">resourceFieldRef</a></b></td>
<td>object</td>
<td>
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].downwardAPI.items[index].fieldRef
Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fieldPath</b></td>
<td>string</td>
<td>
Path of the field to select in the specified API version.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>
Version of the schema the FieldPath is written in terms of, defaults to "v1".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].downwardAPI.items[index].resourceFieldRef
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resource</b></td>
<td>string</td>
<td>
Required: resource to select<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>containerName</b></td>
<td>string</td>
<td>
Container name: required for volumes, optional for env vars<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>divisor</b></td>
<td>int or string</td>
<td>
Specifies the output format of the exposed resources, defaults to "1"<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].emptyDir
emptyDir represents a temporary directory that shares a pod's lifetime.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>medium</b></td>
<td>string</td>
<td>
medium represents what type of storage medium should back this directory.
The default is "" which means to use the node's default medium.
Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>sizeLimit</b></td>
<td>int or string</td>
<td>
sizeLimit is the total amount of local storage required for this EmptyDir volume.
The size limit is also applicable for memory medium.
The maximum usage on memory medium EmptyDir would be the minimum value between
the SizeLimit specified here and the sum of memory limits of all containers in a pod.
The default is nil which means that the limit is undefined.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral
ephemeral represents a volume that is handled by a cluster storage driver.
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
and deleted when the pod is removed.
Use this if:
a) the volume is only needed while the pod runs,
b) features of normal volumes like restoring from snapshot or capacity
tracking are needed,
c) the storage driver is specified through a storage class, and
d) the storage driver supports dynamic volume provisioning through
a PersistentVolumeClaim (see EphemeralVolumeSource for more
information on the connection between this volume type
and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the lifecycle
of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
be used that way - see the documentation of the driver for
more information.
A pod can use both types of ephemeral volumes and
persistent volumes at the same time.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplate">volumeClaimTemplate</a></b></td>
<td>object</td>
<td>
Will be used to create a stand-alone PVC to provision the volume.
The pod in which this EphemeralVolumeSource is embedded will be the
owner of the PVC, i.e. the PVC will be deleted together with the
pod. The name of the PVC will be `<pod name>-<volume name>` where
`<volume name>` is the name from the `PodSpec.Volumes` array
entry. Pod validation will reject the pod if the concatenated name
is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod
will *not* be used for the pod to avoid using an unrelated
volume by mistake. Starting the pod is then blocked until
the unrelated PVC is removed. If such a pre-created PVC is
meant to be used by the pod, the PVC has to updated with an
owner reference to the pod once the pod exists. Normally
this should not be necessary, but it may be useful when
manually reconstructing a broken cluster.
This field is read-only and no changes will be made by Kubernetes
to the PVC after it has been created.
Required, must not be nil.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate
Will be used to create a stand-alone PVC to provision the volume.
The pod in which this EphemeralVolumeSource is embedded will be the
owner of the PVC, i.e. the PVC will be deleted together with the
pod. The name of the PVC will be `<pod name>-<volume name>` where
`<volume name>` is the name from the `PodSpec.Volumes` array
entry. Pod validation will reject the pod if the concatenated name
is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod
will *not* be used for the pod to avoid using an unrelated
volume by mistake. Starting the pod is then blocked until
the unrelated PVC is removed. If such a pre-created PVC is
meant to be used by the pod, the PVC has to updated with an
owner reference to the pod once the pod exists. Normally
this should not be necessary, but it may be useful when
manually reconstructing a broken cluster.
This field is read-only and no changes will be made by Kubernetes
to the PVC after it has been created.
Required, must not be nil.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespec">spec</a></b></td>
<td>object</td>
<td>
The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this
template. The same fields as in a PersistentVolumeClaim
are also valid here.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>metadata</b></td>
<td>object</td>
<td>
May contain labels and annotations that will be copied into the PVC
when creating it. No other fields are allowed and will be rejected during
validation.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec
The specification for the PersistentVolumeClaim. The entire content is
copied unchanged into the PVC that gets created from this
template. The same fields as in a PersistentVolumeClaim
are also valid here.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>accessModes</b></td>
<td>[]string</td>
<td>
accessModes contains the desired access modes the volume should have.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespecdatasource">dataSource</a></b></td>
<td>object</td>
<td>
dataSource field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
If the provisioner or an external controller can support the specified data source,
it will create a new volume based on the contents of the specified data source.
When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
If the namespace is specified, then dataSourceRef will not be copied to dataSource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespecdatasourceref">dataSourceRef</a></b></td>
<td>object</td>
<td>
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
volume is desired. This may be any object from a non-empty API group (non
core object) or a PersistentVolumeClaim object.
When this field is specified, volume binding will only succeed if the type of
the specified object matches some installed volume populator or dynamic
provisioner.
This field will replace the functionality of the dataSource field and as such
if both fields are non-empty, they must have the same value. For backwards
compatibility, when namespace isn't specified in dataSourceRef,
both fields (dataSource and dataSourceRef) will be set to the same
value automatically if one of them is empty and the other is non-empty.
When namespace is specified in dataSourceRef,
dataSource isn't set to the same value and must be empty.
There are three important differences between dataSource and dataSourceRef:
* While dataSource only allows two specific types of objects, dataSourceRef
allows any non-core object, as well as PersistentVolumeClaim objects.
* While dataSource ignores disallowed values (dropping them), dataSourceRef
preserves all values, and generates an error if a disallowed value is
specified.
* While dataSource only allows local objects, dataSourceRef allows objects
in any namespaces.
(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespecresources">resources</a></b></td>
<td>object</td>
<td>
resources represents the minimum resources the volume should have.
If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
that are lower than previous value but must still be higher than capacity recorded in the
status field of the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespecselector">selector</a></b></td>
<td>object</td>
<td>
selector is a label query over volumes to consider for binding.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>storageClassName</b></td>
<td>string</td>
<td>
storageClassName is the name of the StorageClass required by the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeAttributesClassName</b></td>
<td>string</td>
<td>
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
If specified, the CSI driver will create or update the volume with the attributes defined
in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
will be set by the persistentvolume controller if it exists.
If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeMode</b></td>
<td>string</td>
<td>
volumeMode defines what type of volume is required by the claim.
Value of Filesystem is implied when not included in claim spec.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeName</b></td>
<td>string</td>
<td>
volumeName is the binding reference to the PersistentVolume backing this claim.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec.dataSource
dataSource field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
If the provisioner or an external controller can support the specified data source,
it will create a new volume based on the contents of the specified data source.
When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
If the namespace is specified, then dataSourceRef will not be copied to dataSource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>kind</b></td>
<td>string</td>
<td>
Kind is the type of resource being referenced<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name is the name of resource being referenced<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiGroup</b></td>
<td>string</td>
<td>
APIGroup is the group for the resource being referenced.
If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
volume is desired. This may be any object from a non-empty API group (non
core object) or a PersistentVolumeClaim object.
When this field is specified, volume binding will only succeed if the type of
the specified object matches some installed volume populator or dynamic
provisioner.
This field will replace the functionality of the dataSource field and as such
if both fields are non-empty, they must have the same value. For backwards
compatibility, when namespace isn't specified in dataSourceRef,
both fields (dataSource and dataSourceRef) will be set to the same
value automatically if one of them is empty and the other is non-empty.
When namespace is specified in dataSourceRef,
dataSource isn't set to the same value and must be empty.
There are three important differences between dataSource and dataSourceRef:
* While dataSource only allows two specific types of objects, dataSourceRef
allows any non-core object, as well as PersistentVolumeClaim objects.
* While dataSource ignores disallowed values (dropping them), dataSourceRef
preserves all values, and generates an error if a disallowed value is
specified.
* While dataSource only allows local objects, dataSourceRef allows objects
in any namespaces.
(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>kind</b></td>
<td>string</td>
<td>
Kind is the type of resource being referenced<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name is the name of resource being referenced<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiGroup</b></td>
<td>string</td>
<td>
APIGroup is the group for the resource being referenced.
If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
Namespace is the namespace of resource being referenced
Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec.resources
resources represents the minimum resources the volume should have.
If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
that are lower than previous value but must still be higher than capacity recorded in the
status field of the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec.selector
selector is a label query over volumes to consider for binding.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexephemeralvolumeclaimtemplatespecselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].fc
fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
TODO: how do we prevent errors in the filesystem from compromising the machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lun</b></td>
<td>integer</td>
<td>
lun is Optional: FC target lun number<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>targetWWNs</b></td>
<td>[]string</td>
<td>
targetWWNs is Optional: FC target worldwide names (WWNs)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>wwids</b></td>
<td>[]string</td>
<td>
wwids Optional: FC volume world wide identifiers (wwids)
Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].flexVolume
flexVolume represents a generic volume resource that is
provisioned/attached using an exec based plugin.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>driver</b></td>
<td>string</td>
<td>
driver is the name of the driver to use for this volume.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>options</b></td>
<td>map[string]string</td>
<td>
options is Optional: this field holds extra command options if any.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly is Optional: defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexflexvolumesecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef is Optional: secretRef is reference to the secret object containing
sensitive information to pass to the plugin scripts. This may be
empty if no secret object is specified. If the secret object
contains more than one secret, all secrets are passed to the plugin
scripts.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].flexVolume.secretRef
secretRef is Optional: secretRef is reference to the secret object containing
sensitive information to pass to the plugin scripts. This may be
empty if no secret object is specified. If the secret object
contains more than one secret, all secrets are passed to the plugin
scripts.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].flocker
flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>datasetName</b></td>
<td>string</td>
<td>
datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
should be considered as deprecated<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>datasetUUID</b></td>
<td>string</td>
<td>
datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].gcePersistentDisk
gcePersistentDisk represents a GCE Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>pdName</b></td>
<td>string</td>
<td>
pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is filesystem type of the volume that you want to mount.
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from compromising the machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>partition</b></td>
<td>integer</td>
<td>
partition is the partition in the volume that you want to mount.
If omitted, the default is to mount by volume name.
Examples: For volume /dev/sda1, you specify the partition as "1".
Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the ReadOnly setting in VolumeMounts.
Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].gitRepo
gitRepo represents a git repository at a particular revision.
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
into the Pod's container.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>repository</b></td>
<td>string</td>
<td>
repository is the URL<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>directory</b></td>
<td>string</td>
<td>
directory is the target directory name.
Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
git repository. Otherwise, if specified, the volume will contain the git repository in
the subdirectory with the given name.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>revision</b></td>
<td>string</td>
<td>
revision is the commit hash for the specified revision.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].glusterfs
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
More info: https://examples.k8s.io/volumes/glusterfs/README.md
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>endpoints</b></td>
<td>string</td>
<td>
endpoints is the endpoint name that details Glusterfs topology.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
Defaults to false.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].hostPath
hostPath represents a pre-existing file or directory on the host
machine that is directly exposed to the container. This is generally
used for system agents or other privileged things that are allowed
to see the host machine. Most containers will NOT need this.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
---
TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
mount host directories as read/write.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path of the directory on the host.
If the path is a symlink, it will follow the link to the real path.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type for HostPath Volume
Defaults to ""
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].iscsi
iscsi represents an ISCSI Disk resource that is attached to a
kubelet's host machine and then exposed to the pod.
More info: https://examples.k8s.io/volumes/iscsi/README.md
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>iqn</b></td>
<td>string</td>
<td>
iqn is the target iSCSI Qualified Name.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>lun</b></td>
<td>integer</td>
<td>
lun represents iSCSI Target Lun number.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>targetPortal</b></td>
<td>string</td>
<td>
targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>chapAuthDiscovery</b></td>
<td>boolean</td>
<td>
chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>chapAuthSession</b></td>
<td>boolean</td>
<td>
chapAuthSession defines whether support iSCSI Session CHAP authentication<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type of the volume that you want to mount.
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from compromising the machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>initiatorName</b></td>
<td>string</td>
<td>
initiatorName is the custom iSCSI Initiator Name.
If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
<target portal>:<volume name> will be created for the connection.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>iscsiInterface</b></td>
<td>string</td>
<td>
iscsiInterface is the interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>portals</b></td>
<td>[]string</td>
<td>
portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
is other than default (typically TCP ports 860 and 3260).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the ReadOnly setting in VolumeMounts.
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexiscsisecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef is the CHAP Secret for iSCSI target and initiator authentication<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].iscsi.secretRef
secretRef is the CHAP Secret for iSCSI target and initiator authentication
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].nfs
nfs represents an NFS mount on the host that shares a pod's lifetime
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path that is exported by the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>server</b></td>
<td>string</td>
<td>
server is the hostname or IP address of the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the NFS export to be mounted with read-only permissions.
Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].persistentVolumeClaim
persistentVolumeClaimVolumeSource represents a reference to a
PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>claimName</b></td>
<td>string</td>
<td>
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly Will force the ReadOnly setting in VolumeMounts.
Default false.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].photonPersistentDisk
photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>pdID</b></td>
<td>string</td>
<td>
pdID is the ID that identifies Photon Controller persistent disk<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].portworxVolume
portworxVolume represents a portworx volume attached and mounted on kubelets host machine
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>volumeID</b></td>
<td>string</td>
<td>
volumeID uniquely identifies a Portworx volume<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected
projected items for all in one resources secrets, configmaps, and downward API
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>defaultMode</b></td>
<td>integer</td>
<td>
defaultMode are the mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindex">sources</a></b></td>
<td>[]object</td>
<td>
sources is the list of volume projections<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index]
Projection that may be projected along with other supported volume types
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexclustertrustbundle">clusterTrustBundle</a></b></td>
<td>object</td>
<td>
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
of ClusterTrustBundle objects in an auto-updating file.
Alpha, gated by the ClusterTrustBundleProjection feature gate.
ClusterTrustBundle objects can either be selected by name, or by the
combination of signer name and a label selector.
Kubelet performs aggressive normalization of the PEM contents written
into the pod filesystem. Esoteric PEM features such as inter-block
comments and block headers are stripped. Certificates are deduplicated.
The ordering of certificates within the file is arbitrary, and Kubelet
may change the order over time.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexconfigmap">configMap</a></b></td>
<td>object</td>
<td>
configMap information about the configMap data to project<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexdownwardapi">downwardAPI</a></b></td>
<td>object</td>
<td>
downwardAPI information about the downwardAPI data to project<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexsecret">secret</a></b></td>
<td>object</td>
<td>
secret information about the secret data to project<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexserviceaccounttoken">serviceAccountToken</a></b></td>
<td>object</td>
<td>
serviceAccountToken is information about the serviceAccountToken data to project<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].clusterTrustBundle
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
of ClusterTrustBundle objects in an auto-updating file.
Alpha, gated by the ClusterTrustBundleProjection feature gate.
ClusterTrustBundle objects can either be selected by name, or by the
combination of signer name and a label selector.
Kubelet performs aggressive normalization of the PEM contents written
into the pod filesystem. Esoteric PEM features such as inter-block
comments and block headers are stripped. Certificates are deduplicated.
The ordering of certificates within the file is arbitrary, and Kubelet
may change the order over time.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Relative path from the volume root to write the bundle.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexclustertrustbundlelabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
Select all ClusterTrustBundles that match this label selector. Only has
effect if signerName is set. Mutually-exclusive with name. If unset,
interpreted as "match nothing". If set but empty, interpreted as "match
everything".<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Select a single ClusterTrustBundle by object name. Mutually-exclusive
with signerName and labelSelector.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
If true, don't block pod startup if the referenced ClusterTrustBundle(s)
aren't available. If using name, then the named ClusterTrustBundle is
allowed not to exist. If using signerName, then the combination of
signerName and labelSelector is allowed to match zero
ClusterTrustBundles.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>signerName</b></td>
<td>string</td>
<td>
Select all ClusterTrustBundles that match this signer name.
Mutually-exclusive with name. The contents of all selected
ClusterTrustBundles will be unified and deduplicated.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].clusterTrustBundle.labelSelector
Select all ClusterTrustBundles that match this label selector. Only has
effect if signerName is set. Mutually-exclusive with name. If unset,
interpreted as "match nothing". If set but empty, interpreted as "match
everything".
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexclustertrustbundlelabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].clusterTrustBundle.labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].configMap
configMap information about the configMap data to project
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexconfigmapitemsindex">items</a></b></td>
<td>[]object</td>
<td>
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
optional specify whether the ConfigMap or its keys must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].configMap.items[index]
Maps a string key to a path within a volume.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the key to project.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].downwardAPI
downwardAPI information about the downwardAPI data to project
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexdownwardapiitemsindex">items</a></b></td>
<td>[]object</td>
<td>
Items is a list of DownwardAPIVolume file<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].downwardAPI.items[index]
DownwardAPIVolumeFile represents information to create the file containing the pod field
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexdownwardapiitemsindexfieldref">fieldRef</a></b></td>
<td>object</td>
<td>
Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
Optional: mode bits used to set permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexdownwardapiitemsindexresourcefieldref">resourceFieldRef</a></b></td>
<td>object</td>
<td>
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].downwardAPI.items[index].fieldRef
Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fieldPath</b></td>
<td>string</td>
<td>
Path of the field to select in the specified API version.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>apiVersion</b></td>
<td>string</td>
<td>
Version of the schema the FieldPath is written in terms of, defaults to "v1".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>resource</b></td>
<td>string</td>
<td>
Required: resource to select<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>containerName</b></td>
<td>string</td>
<td>
Container name: required for volumes, optional for env vars<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>divisor</b></td>
<td>int or string</td>
<td>
Specifies the output format of the exposed resources, defaults to "1"<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].secret
secret information about the secret data to project
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexprojectedsourcesindexsecretitemsindex">items</a></b></td>
<td>[]object</td>
<td>
items if unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
optional field specify whether the Secret or its key must be defined<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].secret.items[index]
Maps a string key to a path within a volume.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the key to project.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].projected.sources[index].serviceAccountToken
serviceAccountToken is information about the serviceAccountToken data to project
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the path relative to the mount point of the file to project the
token into.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>audience</b></td>
<td>string</td>
<td>
audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>expirationSeconds</b></td>
<td>integer</td>
<td>
expirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].quobyte
quobyte represents a Quobyte mount on the host that shares a pod's lifetime
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>registry</b></td>
<td>string</td>
<td>
registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated with commas)
which acts as the central registry for volumes<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>volume</b></td>
<td>string</td>
<td>
volume is a string that references an already created Quobyte volume by name.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>group</b></td>
<td>string</td>
<td>
group to map volume access to
Default is no group<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the Quobyte volume to be mounted with read-only permissions.
Defaults to false.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tenant</b></td>
<td>string</td>
<td>
tenant owning the given Quobyte volume in the Backend
Used with dynamically provisioned Quobyte volumes, value is set by the plugin<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
user to map volume access to
Defaults to serivceaccount user<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].rbd
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>image</b></td>
<td>string</td>
<td>
image is the rados image name.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>monitors</b></td>
<td>[]string</td>
<td>
monitors is a collection of Ceph monitors.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type of the volume that you want to mount.
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from compromising the machine<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>keyring</b></td>
<td>string</td>
<td>
keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>pool</b></td>
<td>string</td>
<td>
pool is the rados pool name.
Default is rbd.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly here will force the ReadOnly setting in VolumeMounts.
Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexrbdsecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef is name of the authentication secret for RBDUser. If provided
overrides keyring.
Default is nil.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
user is the rados user name.
Default is admin.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].rbd.secretRef
secretRef is name of the authentication secret for RBDUser. If provided
overrides keyring.
Default is nil.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].scaleIO
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>gateway</b></td>
<td>string</td>
<td>
gateway is the host address of the ScaleIO API Gateway.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexscaleiosecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef references to the secret for ScaleIO user and other
sensitive information. If this is not provided, Login operation will fail.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>system</b></td>
<td>string</td>
<td>
system is the name of the storage system as configured in ScaleIO.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs".
Default is "xfs".<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>protectionDomain</b></td>
<td>string</td>
<td>
protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>sslEnabled</b></td>
<td>boolean</td>
<td>
sslEnabled Flag enable/disable SSL communication with Gateway, default false<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>storageMode</b></td>
<td>string</td>
<td>
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>storagePool</b></td>
<td>string</td>
<td>
storagePool is the ScaleIO Storage Pool associated with the protection domain.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeName</b></td>
<td>string</td>
<td>
volumeName is the name of a volume already created in the ScaleIO system
that is associated with this volume source.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].scaleIO.secretRef
secretRef references to the secret for ScaleIO user and other
sensitive information. If this is not provided, Login operation will fail.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].secret
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>defaultMode</b></td>
<td>integer</td>
<td>
defaultMode is Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexsecretitemsindex">items</a></b></td>
<td>[]object</td>
<td>
items If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>optional</b></td>
<td>boolean</td>
<td>
optional field specify whether the Secret or its keys must be defined<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
secretName is the name of the secret in the pod's namespace to use.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].secret.items[index]
Maps a string key to a path within a volume.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the key to project.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>path</b></td>
<td>string</td>
<td>
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>mode</b></td>
<td>integer</td>
<td>
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].storageos
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readOnly</b></td>
<td>boolean</td>
<td>
readOnly defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentadditionalvolumesindexstorageossecretref">secretRef</a></b></td>
<td>object</td>
<td>
secretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeName</b></td>
<td>string</td>
<td>
volumeName is the human-readable name of the StorageOS volume. Volume
names are only unique within a namespace.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>volumeNamespace</b></td>
<td>string</td>
<td>
volumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].storageos.secretRef
secretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.<br/>
<br/>
<i>Default</i>: <br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.additionalVolumes[index].vsphereVolume
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>volumePath</b></td>
<td>string</td>
<td>
volumePath is the path that identifies vSphere volume vmdk<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>fsType</b></td>
<td>string</td>
<td>
fsType is filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>storagePolicyID</b></td>
<td>string</td>
<td>
storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>storagePolicyName</b></td>
<td>string</td>
<td>
storagePolicyName is the storage Policy Based Management (SPBM) profile name.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity
If specified, the Tenant Control Plane pod's scheduling constraints.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinity">nodeAffinity</a></b></td>
<td>object</td>
<td>
Describes node affinity scheduling rules for the pod.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinity">podAffinity</a></b></td>
<td>object</td>
<td>
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinity">podAntiAffinity</a></b></td>
<td>object</td>
<td>
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity
Describes node affinity scheduling rules for the pod.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex">preferredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>[]object</td>
<td>
The scheduler will prefer to schedule pods to nodes that satisfy
the affinity expressions specified by this field, but it may choose
a node that violates one or more of the expressions. The node that is
most preferred is the one with the greatest sum of weights, i.e.
for each node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions, etc.),
compute a sum by iterating through the elements of this field and adding
"weight" to the sum if the node matches the corresponding matchExpressions; the
node(s) with the highest sum are the most preferred.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinityrequiredduringschedulingignoredduringexecution">requiredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>object</td>
<td>
If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node.
If the affinity requirements specified by this field cease to be met
at some point during pod execution (e.g. due to an update), the system
may or may not try to eventually evict the pod from its node.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
An empty preferred scheduling term matches all objects with implicit weight 0
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference">preference</a></b></td>
<td>object</td>
<td>
A node selector term, associated with the corresponding weight.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>weight</b></td>
<td>integer</td>
<td>
Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
A node selector term, associated with the corresponding weight.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreferencematchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
A list of node selector requirements by node's labels.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreferencematchfieldsindex">matchFields</a></b></td>
<td>[]object</td>
<td>
A list of node selector requirements by node's fields.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node.
If the affinity requirements specified by this field cease to be met
at some point during pod execution (e.g. due to an update), the system
may or may not try to eventually evict the pod from its node.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex">nodeSelectorTerms</a></b></td>
<td>[]object</td>
<td>
Required. A list of node selector terms. The terms are ORed.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
A null or empty node selector term matches no objects. The requirements of
them are ANDed.
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindexmatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
A list of node selector requirements by node's labels.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindexmatchfieldsindex">matchFields</a></b></td>
<td>[]object</td>
<td>
A list of node selector requirements by node's fields.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
A node selector requirement is a selector that contains values, a key, and an operator
that relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator is Gt or Lt, the values
array must have a single element, which will be interpreted as an integer.
This array is replaced during a strategic merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex">preferredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>[]object</td>
<td>
The scheduler will prefer to schedule pods to nodes that satisfy
the affinity expressions specified by this field, but it may choose
a node that violates one or more of the expressions. The node that is
most preferred is the one with the greatest sum of weights, i.e.
for each node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions, etc.),
compute a sum by iterating through the elements of this field and adding
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex">requiredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>[]object</td>
<td>
If the affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node.
If the affinity requirements specified by this field cease to be met
at some point during pod execution (e.g. due to a pod label update), the
system may or may not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes corresponding to each
podAffinityTerm are intersected, i.e. all terms must be satisfied.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm">podAffinityTerm</a></b></td>
<td>object</td>
<td>
Required. A pod affinity term, associated with the corresponding weight.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>weight</b></td>
<td>integer</td>
<td>
weight associated with matching the corresponding podAffinityTerm,
in the range 1-100.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
Required. A pod affinity term, associated with the corresponding weight.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>topologyKey</b></td>
<td>string</td>
<td>
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where co-located is defined as running on a node
whose value of the label with key topologyKey matches that of any node on which any of the
selected pods is running.
Empty topologyKey is not allowed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabelKeys</b></td>
<td>[]string</td>
<td>
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mismatchLabelKeys</b></td>
<td>[]string</td>
<td>
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector">namespaceSelector</a></b></td>
<td>object</td>
<td>
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespaces</b></td>
<td>[]string</td>
<td>
namespaces specifies a static list of namespace names that the term applies to.
The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector.
null or empty namespaces list and null namespaceSelector means "this pod's namespace".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
Defines a set of pods (namely those matching the labelSelector
relative to the given namespace(s)) that this pod should be
co-located (affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node whose value of
the label with key <topologyKey> matches that of any node on which
a pod of the set of pods is running
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>topologyKey</b></td>
<td>string</td>
<td>
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where co-located is defined as running on a node
whose value of the label with key topologyKey matches that of any node on which any of the
selected pods is running.
Empty topologyKey is not allowed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabelKeys</b></td>
<td>[]string</td>
<td>
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mismatchLabelKeys</b></td>
<td>[]string</td>
<td>
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector">namespaceSelector</a></b></td>
<td>object</td>
<td>
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespaces</b></td>
<td>[]string</td>
<td>
namespaces specifies a static list of namespace names that the term applies to.
The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector.
null or empty namespaces list and null namespaceSelector means "this pod's namespace".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex">preferredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>[]object</td>
<td>
The scheduler will prefer to schedule pods to nodes that satisfy
the anti-affinity expressions specified by this field, but it may choose
a node that violates one or more of the expressions. The node that is
most preferred is the one with the greatest sum of weights, i.e.
for each node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions, etc.),
compute a sum by iterating through the elements of this field and adding
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex">requiredDuringSchedulingIgnoredDuringExecution</a></b></td>
<td>[]object</td>
<td>
If the anti-affinity requirements specified by this field are not met at
scheduling time, the pod will not be scheduled onto the node.
If the anti-affinity requirements specified by this field cease to be met
at some point during pod execution (e.g. due to a pod label update), the
system may or may not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes corresponding to each
podAffinityTerm are intersected, i.e. all terms must be satisfied.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm">podAffinityTerm</a></b></td>
<td>object</td>
<td>
Required. A pod affinity term, associated with the corresponding weight.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>weight</b></td>
<td>integer</td>
<td>
weight associated with matching the corresponding podAffinityTerm,
in the range 1-100.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
Required. A pod affinity term, associated with the corresponding weight.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>topologyKey</b></td>
<td>string</td>
<td>
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where co-located is defined as running on a node
whose value of the label with key topologyKey matches that of any node on which any of the
selected pods is running.
Empty topologyKey is not allowed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabelKeys</b></td>
<td>[]string</td>
<td>
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mismatchLabelKeys</b></td>
<td>[]string</td>
<td>
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector">namespaceSelector</a></b></td>
<td>object</td>
<td>
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespaces</b></td>
<td>[]string</td>
<td>
namespaces specifies a static list of namespace names that the term applies to.
The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector.
null or empty namespaces list and null namespaceSelector means "this pod's namespace".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
Defines a set of pods (namely those matching the labelSelector
relative to the given namespace(s)) that this pod should be
co-located (affinity) or not co-located (anti-affinity) with,
where co-located is defined as running on a node whose value of
the label with key <topologyKey> matches that of any node on which
a pod of the set of pods is running
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>topologyKey</b></td>
<td>string</td>
<td>
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where co-located is defined as running on a node
whose value of the label with key topologyKey matches that of any node on which any of the
selected pods is running.
Empty topologyKey is not allowed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabelKeys</b></td>
<td>[]string</td>
<td>
MatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>mismatchLabelKeys</b></td>
<td>[]string</td>
<td>
MismatchLabelKeys is a set of pod label keys to select which pods will
be taken into consideration. The keys are used to lookup values from the
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
to select the group of existing pods which pods will be taken into consideration
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector">namespaceSelector</a></b></td>
<td>object</td>
<td>
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespaces</b></td>
<td>[]string</td>
<td>
namespaces specifies a static list of namespace names that the term applies to.
The term is applied to the union of the namespaces listed in this field
and the ones selected by namespaceSelector.
null or empty namespaces list and null namespaceSelector means "this pod's namespace".<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
A label query over a set of resources, in this case pods.
If it's null, this PodAffinityTerm matches with no Pods.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector
A label query over the set of namespaces that the term applies to.
The term is applied to the union of the namespaces selected by this field
and the ones listed in the namespaces field.
null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.extraArgs
ExtraArgs allows adding additional arguments to the Control Plane components,
such as kube-apiserver, controller-manager, and scheduler. WARNING - This option
can override existing parameters and cause components to misbehave in unxpected ways.
Only modify if you know what you are doing.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>apiServer</b></td>
<td>[]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>controllerManager</b></td>
<td>[]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>kine</b></td>
<td>[]string</td>
<td>
Available only if Kamaji is running using Kine as backing storage.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>scheduler</b></td>
<td>[]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.podAdditionalMetadata
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>annotations</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>labels</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.registrySettings
RegistrySettings allows to override the default images for the given Tenant Control Plane instance.
It could be used to point to a different container registry rather than the public one.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>apiServerImage</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Default</i>: kube-apiserver<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>controllerManagerImage</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Default</i>: kube-controller-manager<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>registry</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Default</i>: registry.k8s.io<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>schedulerImage</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Default</i>: kube-scheduler<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tagSuffix</b></td>
<td>string</td>
<td>
The tag to append to all the Control Plane container images.
Optional.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources
Resources defines the amount of memory and CPU to allocate to each component of the Control Plane
(kube-apiserver, controller-manager, and scheduler).
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcesapiserver">apiServer</a></b></td>
<td>object</td>
<td>
ResourceRequirements describes the compute resource requirements.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcescontrollermanager">controllerManager</a></b></td>
<td>object</td>
<td>
ResourceRequirements describes the compute resource requirements.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourceskine">kine</a></b></td>
<td>object</td>
<td>
Define the kine container resources.
Available only if Kamaji is running using Kine as backing storage.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcesscheduler">scheduler</a></b></td>
<td>object</td>
<td>
ResourceRequirements describes the compute resource requirements.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.apiServer
ResourceRequirements describes the compute resource requirements.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcesapiserverclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.apiServer.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.controllerManager
ResourceRequirements describes the compute resource requirements.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcescontrollermanagerclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.controllerManager.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.kine
Define the kine container resources.
Available only if Kamaji is running using Kine as backing storage.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourceskineclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.kine.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.scheduler
ResourceRequirements describes the compute resource requirements.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentresourcesschedulerclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.resources.scheduler.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.strategy
Strategy describes how to replace existing pods with new ones for the given Tenant Control Plane.
Default value is set to Rolling Update, with a blue/green strategy.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymentstrategyrollingupdate">rollingUpdate</a></b></td>
<td>object</td>
<td>
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
---
TODO: Update this to follow our convention for oneOf, whatever we decide it
to be.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.strategy.rollingUpdate
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
---
TODO: Update this to follow our convention for oneOf, whatever we decide it
to be.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>maxSurge</b></td>
<td>int or string</td>
<td>
The maximum number of pods that can be scheduled above the desired number of
pods.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
This can not be 0 if MaxUnavailable is 0.
Absolute number is calculated from percentage by rounding up.
Defaults to 25%.
Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
the rolling update starts, such that the total number of old and new pods do not exceed
130% of desired pods. Once old pods have been killed,
new ReplicaSet can be scaled up further, ensuring that total number of pods running
at any time during the update is at most 130% of desired pods.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>maxUnavailable</b></td>
<td>int or string</td>
<td>
The maximum number of pods that can be unavailable during the update.
Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
Absolute number is calculated from percentage by rounding down.
This can not be 0 if MaxSurge is 0.
Defaults to 25%.
Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
that the total number of pods available at all times during the update is at
least 70% of desired pods.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.tolerations[index]
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>effect</b></td>
<td>string</td>
<td>
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>key</b></td>
<td>string</td>
<td>
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tolerationSeconds</b></td>
<td>integer</td>
<td>
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.topologySpreadConstraints[index]
TopologySpreadConstraint specifies how to spread matching pods among the given topology.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>maxSkew</b></td>
<td>integer</td>
<td>
MaxSkew describes the degree to which pods may be unevenly distributed.
When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
between the number of matching pods in the target topology and the global minimum.
The global minimum is the minimum number of matching pods in an eligible domain
or zero if the number of eligible domains is less than MinDomains.
For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
labelSelector spread as 2/2/1:
In this case, the global minimum is 1.
| zone1 | zone2 | zone3 |
| P P | P P | P |
- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
violate MaxSkew(1).
- if MaxSkew is 2, incoming pod can be scheduled onto any zone.
When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
to topologies that satisfy it.
It's a required field. Default value is 1 and 0 is not allowed.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>topologyKey</b></td>
<td>string</td>
<td>
TopologyKey is the key of node labels. Nodes that have a label with this key
and identical values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try to put balanced number
of pods into each bucket.
We define a domain as a particular instance of a topology.
Also, we define an eligible domain as a domain whose nodes meet the requirements of
nodeAffinityPolicy and nodeTaintsPolicy.
e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
It's a required field.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>whenUnsatisfiable</b></td>
<td>string</td>
<td>
WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
the spread constraint.
- DoNotSchedule (default) tells the scheduler not to schedule it.
- ScheduleAnyway tells the scheduler to schedule the pod in any location,
but giving higher precedence to topologies that would help reduce the
skew.
A constraint is considered "Unsatisfiable" for an incoming pod
if and only if every possible node assignment for that pod would violate
"MaxSkew" on some topology.
For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 |
| P P P | P | P |
If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
won't make it *more* imbalanced.
It's a required field.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymenttopologyspreadconstraintsindexlabelselector">labelSelector</a></b></td>
<td>object</td>
<td>
LabelSelector is used to find matching pods.
Pods that match this label selector are counted to determine the number of pods
in their corresponding topology domain.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabelKeys</b></td>
<td>[]string</td>
<td>
MatchLabelKeys is a set of pod label keys to select the pods over which
spreading will be calculated. The keys are used to lookup values from the
incoming pod labels, those key-value labels are ANDed with labelSelector
to select the group of existing pods over which spreading will be calculated
for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
MatchLabelKeys cannot be set when LabelSelector isn't set.
Keys that don't exist in the incoming pod labels will
be ignored. A null or empty list means only match against labelSelector.
This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>minDomains</b></td>
<td>integer</td>
<td>
MinDomains indicates a minimum number of eligible domains.
When the number of eligible domains with matching topology keys is less than minDomains,
Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
And when the number of eligible domains with matching topology keys equals or greater than minDomains,
this value has no effect on scheduling.
As a result, when the number of eligible domains is less than minDomains,
scheduler won't schedule more than maxSkew Pods to those domains.
If value is nil, the constraint behaves as if MinDomains is equal to 1.
Valid values are integers greater than 0.
When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
| P P | P P | P P |
The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
In this situation, new pod with the same labelSelector cannot be scheduled,
because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
it will violate MaxSkew.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>nodeAffinityPolicy</b></td>
<td>string</td>
<td>
NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
when calculating pod topology spread skew. Options are:
- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
If this value is nil, the behavior is equivalent to the Honor policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>nodeTaintsPolicy</b></td>
<td>string</td>
<td>
NodeTaintsPolicy indicates how we will treat node taints when calculating
pod topology spread skew. Options are:
- Honor: nodes without taints, along with tainted nodes for which the incoming pod
has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
If this value is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.topologySpreadConstraints[index].labelSelector
LabelSelector is used to find matching pods.
Pods that match this label selector are counted to determine the number of pods
in their corresponding topology domain.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplanedeploymenttopologyspreadconstraintsindexlabelselectormatchexpressionsindex">matchExpressions</a></b></td>
<td>[]object</td>
<td>
matchExpressions is a list of label selector requirements. The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>matchLabels</b></td>
<td>map[string]string</td>
<td>
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.deployment.topologySpreadConstraints[index].labelSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
key is the label key that the selector applies to.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>values</b></td>
<td>[]string</td>
<td>
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.ingress
Defining the options for an Optional Ingress which will expose API Server of the Tenant Control Plane
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeccontrolplaneingressadditionalmetadata">additionalMetadata</a></b></td>
<td>object</td>
<td>
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>hostname</b></td>
<td>string</td>
<td>
Hostname is an optional field which will be used as Ingress's Host. If it is not defined,
Ingress's host will be "<tenant>.<namespace>.<domain>", where domain is specified under NetworkProfileSpec<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ingressClassName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.controlPlane.ingress.additionalMetadata
AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>annotations</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>labels</b></td>
<td>map[string]string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.kubernetes
Kubernetes specification for tenant control plane
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespeckuberneteskubelet">kubelet</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>version</b></td>
<td>string</td>
<td>
Kubernetes Version for the tenant control plane<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>admissionControllers</b></td>
<td>[]enum</td>
<td>
List of enabled Admission Controllers for the Tenant cluster.
Full reference available here: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers<br/>
<br/>
<i>Default</i>: [CertificateApproval CertificateSigning CertificateSubjectRestriction DefaultIngressClass DefaultStorageClass DefaultTolerationSeconds LimitRanger MutatingAdmissionWebhook NamespaceLifecycle PersistentVolumeClaimResize Priority ResourceQuota RuntimeClass ServiceAccount StorageObjectInUseProtection TaintNodesByCondition ValidatingAdmissionWebhook]<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.kubernetes.kubelet
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>cgroupfs</b></td>
<td>enum</td>
<td>
CGroupFS defines the cgroup driver for Kubelet
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/<br/>
<br/>
<i>Enum</i>: systemd, cgroupfs<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>preferredAddressTypes</b></td>
<td>[]enum</td>
<td>
Ordered list of the preferred NodeAddressTypes to use for kubelet connections.
Default to Hostname, InternalIP, ExternalIP.<br/>
<br/>
<i>Default</i>: [Hostname InternalIP ExternalIP]<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons
Addons contain which addons are enabled
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespecaddonscoredns">coreDNS</a></b></td>
<td>object</td>
<td>
Enables the DNS addon in the Tenant Cluster.
The registry and the tag are configurable, the image is hard-coded to `coredns`.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivity">konnectivity</a></b></td>
<td>object</td>
<td>
Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddonskubeproxy">kubeProxy</a></b></td>
<td>object</td>
<td>
Enables the kube-proxy addon in the Tenant Cluster.
The registry and the tag are configurable, the image is hard-coded to `kube-proxy`.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.coreDNS
Enables the DNS addon in the Tenant Cluster.
The registry and the tag are configurable, the image is hard-coded to `coredns`.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>imageRepository</b></td>
<td>string</td>
<td>
ImageRepository sets the container registry to pull images from.
if not set, the default ImageRepository will be used instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imageTag</b></td>
<td>string</td>
<td>
ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity
Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivityagent">agent</a></b></td>
<td>object</td>
<td>
<br/>
<br/>
<i>Default</i>: map[image:registry.k8s.io/kas-network-proxy/proxy-agent version:v0.0.32]<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivityserver">server</a></b></td>
<td>object</td>
<td>
<br/>
<br/>
<i>Default</i>: map[image:registry.k8s.io/kas-network-proxy/proxy-server port:8132 version:v0.0.32]<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity.agent
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>extraArgs</b></td>
<td>[]string</td>
<td>
ExtraArgs allows adding additional arguments to said component.
WARNING - This option can override existing konnectivity
parameters and cause konnectivity components to misbehave in
unxpected ways. Only modify if you know what you are doing.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
AgentImage defines the container image for Konnectivity's agent.<br/>
<br/>
<i>Default</i>: registry.k8s.io/kas-network-proxy/proxy-agent<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivityagenttolerationsindex">tolerations</a></b></td>
<td>[]object</td>
<td>
Tolerations for the deployed agent.
Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted.<br/>
<br/>
<i>Default</i>: [map[key:CriticalAddonsOnly operator:Exists]]<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>version</b></td>
<td>string</td>
<td>
Version for Konnectivity agent.<br/>
<br/>
<i>Default</i>: v0.0.32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity.agent.tolerations[index]
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>effect</b></td>
<td>string</td>
<td>
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>key</b></td>
<td>string</td>
<td>
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>operator</b></td>
<td>string</td>
<td>
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>tolerationSeconds</b></td>
<td>integer</td>
<td>
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>value</b></td>
<td>string</td>
<td>
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity.server
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
The port which Konnectivity server is listening to.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>extraArgs</b></td>
<td>[]string</td>
<td>
ExtraArgs allows adding additional arguments to said component.
WARNING - This option can override existing konnectivity
parameters and cause konnectivity components to misbehave in
unxpected ways. Only modify if you know what you are doing.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>image</b></td>
<td>string</td>
<td>
Container image used by the Konnectivity server.<br/>
<br/>
<i>Default</i>: registry.k8s.io/kas-network-proxy/proxy-server<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivityserverresources">resources</a></b></td>
<td>object</td>
<td>
Resources define the amount of CPU and memory to allocate to the Konnectivity server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>version</b></td>
<td>string</td>
<td>
Container image version of the Konnectivity server.<br/>
<br/>
<i>Default</i>: v0.0.32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity.server.resources
Resources define the amount of CPU and memory to allocate to the Konnectivity server.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanespecaddonskonnectivityserverresourcesclaimsindex">claims</a></b></td>
<td>[]object</td>
<td>
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>limits</b></td>
<td>map[string]int or string</td>
<td>
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>requests</b></td>
<td>map[string]int or string</td>
<td>
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.konnectivity.server.resources.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.addons.kubeProxy
Enables the kube-proxy addon in the Tenant Cluster.
The registry and the tag are configurable, the image is hard-coded to `kube-proxy`.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>imageRepository</b></td>
<td>string</td>
<td>
ImageRepository sets the container registry to pull images from.
if not set, the default ImageRepository will be used instead.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>imageTag</b></td>
<td>string</td>
<td>
ImageTag allows to specify a tag for the image.
In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.spec.networkProfile
NetworkProfile specifies how the network is
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>address</b></td>
<td>string</td>
<td>
Address where API server of will be exposed.
In case of LoadBalancer Service, this can be empty in order to use the exposed IP provided by the cloud controller manager.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>allowAddressAsExternalIP</b></td>
<td>boolean</td>
<td>
AllowAddressAsExternalIP will include tenantControlPlane.Spec.NetworkProfile.Address in the section of
ExternalIPs of the Kubernetes Service (only ClusterIP or NodePort)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>certSANs</b></td>
<td>[]string</td>
<td>
CertSANs sets extra Subject Alternative Names (SANs) for the API Server signing certificate.
Use this field to add additional hostnames when exposing the Tenant Control Plane with third solutions.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>dnsServiceIPs</b></td>
<td>[]string</td>
<td>
<br/>
<br/>
<i>Default</i>: [10.96.0.10]<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>podCidr</b></td>
<td>string</td>
<td>
CIDR for Kubernetes Pods<br/>
<br/>
<i>Default</i>: 10.244.0.0/16<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port where API server of will be exposed<br/>
<br/>
<i>Format</i>: int32<br/>
<i>Default</i>: 6443<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>serviceCidr</b></td>
<td>string</td>
<td>
Kubernetes Service<br/>
<br/>
<i>Default</i>: 10.96.0.0/16<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status
TenantControlPlaneStatus defines the observed state of TenantControlPlane.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatusaddons">addons</a></b></td>
<td>object</td>
<td>
Addons contains the status of the different Addons<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificates">certificates</a></b></td>
<td>object</td>
<td>
Certificates contains information about the different certificates
that are necessary to run a kubernetes control plane<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>controlPlaneEndpoint</b></td>
<td>string</td>
<td>
ControlPlaneEndpoint contains the status of the kubernetes control plane<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubeadmphase">kubeadmPhase</a></b></td>
<td>object</td>
<td>
KubeadmPhase contains the status of the kubeadm phases action<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubeadmconfig">kubeadmconfig</a></b></td>
<td>object</td>
<td>
KubeadmConfig contains the status of the configuration required by kubeadm<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubeconfig">kubeconfig</a></b></td>
<td>object</td>
<td>
KubeConfig contains information about the kubenconfigs that control plane pieces need<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresources">kubernetesResources</a></b></td>
<td>object</td>
<td>
Kubernetes contains information about the reconciliation of the required Kubernetes resources deployed in the admin cluster<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusstorage">storage</a></b></td>
<td>object</td>
<td>
Storage Status contains information about Kubernetes storage system<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons
Addons contains the status of the different Addons
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatusaddonscoredns">coreDNS</a></b></td>
<td>object</td>
<td>
AddonStatus defines the observed state of an Addon.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivity">konnectivity</a></b></td>
<td>object</td>
<td>
KonnectivityStatus defines the status of Konnectivity as Addon.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskubeproxy">kubeProxy</a></b></td>
<td>object</td>
<td>
AddonStatus defines the observed state of an Addon.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.coreDNS
AddonStatus defines the observed state of an Addon.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>enabled</b></td>
<td>boolean</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity
KonnectivityStatus defines the status of Konnectivity as Addon.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>enabled</b></td>
<td>boolean</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityagent">agent</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivitycertificate">certificate</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityclusterrolebinding">clusterrolebinding</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityconfigmap">configMap</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivitykubeconfig">kubeconfig</a></b></td>
<td>object</td>
<td>
KubeconfigStatus contains information about the generated kubeconfig.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivitysa">sa</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityservice">service</a></b></td>
<td>object</td>
<td>
KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.agent
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
Last time when k8s object was updated<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.certificate
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.clusterrolebinding
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
Last time when k8s object was updated<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.configMap
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.kubeconfig
KubeconfigStatus contains information about the generated kubeconfig.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.sa
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
Last time when k8s object was updated<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.service
KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the Service for the given cluster.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
The namespace which the Service for the given cluster is deployed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
The port where the service is running<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityserviceconditionsindex">conditions</a></b></td>
<td>[]object</td>
<td>
Current service state<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityserviceloadbalancer">loadBalancer</a></b></td>
<td>object</td>
<td>
LoadBalancer contains the current status of the load-balancer,
if one is present.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.service.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
---
This struct is intended for direct use as an array at the field path .status.conditions. For example,
type FooStatus struct{
// Represents the observations of a foo's current state.
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
// other fields
}
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>lastTransitionTime</b></td>
<td>string</td>
<td>
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>message</b></td>
<td>string</td>
<td>
message is a human readable message indicating details about the transition.
This may be an empty string.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>reason</b></td>
<td>string</td>
<td>
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>status</b></td>
<td>enum</td>
<td>
status of the condition, one of True, False, Unknown.<br/>
<br/>
<i>Enum</i>: True, False, Unknown<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>observedGeneration</b></td>
<td>integer</td>
<td>
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.<br/>
<br/>
<i>Format</i>: int64<br/>
<i>Minimum</i>: 0<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.service.loadBalancer
LoadBalancer contains the current status of the load-balancer,
if one is present.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityserviceloadbalanceringressindex">ingress</a></b></td>
<td>[]object</td>
<td>
Ingress is a list containing ingress points for the load-balancer.
Traffic intended for the service should be sent to these ingress points.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.service.loadBalancer.ingress[index]
LoadBalancerIngress represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>hostname</b></td>
<td>string</td>
<td>
Hostname is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ip</b></td>
<td>string</td>
<td>
IP is set for load-balancer ingress points that are IP based
(typically GCE or OpenStack load-balancers)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ipMode</b></td>
<td>string</td>
<td>
IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
Setting this to "VIP" indicates that traffic is delivered to the node with
the destination set to the load-balancer's IP and port.
Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
the destination set to the node's IP and node port or the pod's IP and port.
Service implementations may use this information to adjust traffic routing.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusaddonskonnectivityserviceloadbalanceringressindexportsindex">ports</a></b></td>
<td>[]object</td>
<td>
Ports is a list of records of service ports
If used, every port defined in the service should have an entry in it<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.konnectivity.service.loadBalancer.ingress[index].ports[index]
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port is the port number of the service port of which status is recorded here<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>protocol</b></td>
<td>string</td>
<td>
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"<br/>
<br/>
<i>Default</i>: TCP<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>error</b></td>
<td>string</td>
<td>
Error is to record the problem with the service port
The format of the error shall comply with the following rules:
- built-in error values shall be specified in this file and those shall use
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
---
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.addons.kubeProxy
AddonStatus defines the observed state of an Addon.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>enabled</b></td>
<td>boolean</td>
<td>
<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates
Certificates contains information about the different certificates
that are necessary to run a kubernetes control plane
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesapiserver">apiServer</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesapiserverkubeletclient">apiServerKubeletClient</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesca">ca</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesetcd">etcd</a></b></td>
<td>object</td>
<td>
ETCDCertificatesStatus defines the observed state of ETCD Certificate for API server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesfrontproxyca">frontProxyCA</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesfrontproxyclient">frontProxyClient</a></b></td>
<td>object</td>
<td>
CertificatePrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatessa">sa</a></b></td>
<td>object</td>
<td>
PublicKeyPrivateKeyPairStatus defines the status.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.apiServer
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.apiServerKubeletClient
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.ca
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.etcd
ETCDCertificatesStatus defines the observed state of ETCD Certificate for API server.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesetcdapiserver">apiServer</a></b></td>
<td>object</td>
<td>
APIServerCertificatesStatus defines the observed state of ETCD Certificate for API server.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuscertificatesetcdca">ca</a></b></td>
<td>object</td>
<td>
ETCDCertificateStatus defines the observed state of ETCD Certificate for API server.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.etcd.apiServer
APIServerCertificatesStatus defines the observed state of ETCD Certificate for API server.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.etcd.ca
ETCDCertificateStatus defines the observed state of ETCD Certificate for API server.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.frontProxyCA
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.frontProxyClient
CertificatePrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.certificates.sa
PublicKeyPrivateKeyPairStatus defines the status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeadmPhase
KubeadmPhase contains the status of the kubeadm phases action
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuskubeadmphasebootstraptoken">bootstrapToken</a></b></td>
<td>object</td>
<td>
KubeadmPhaseStatus contains the status of a kubeadm phase action.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeadmPhase.bootstrapToken
KubeadmPhaseStatus contains the status of a kubeadm phase action.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeadmconfig
KubeadmConfig contains the status of the configuration required by kubeadm
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
Checksum of the kubeadm configuration to detect changes<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>configmapName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeconfig
KubeConfig contains information about the kubenconfigs that control plane pieces need
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuskubeconfigadmin">admin</a></b></td>
<td>object</td>
<td>
KubeconfigStatus contains information about the generated kubeconfig.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubeconfigcontrollermanager">controllerManager</a></b></td>
<td>object</td>
<td>
KubeconfigStatus contains information about the generated kubeconfig.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubeconfigscheduler">scheduler</a></b></td>
<td>object</td>
<td>
KubeconfigStatus contains information about the generated kubeconfig.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeconfig.admin
KubeconfigStatus contains information about the generated kubeconfig.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeconfig.controllerManager
KubeconfigStatus contains information about the generated kubeconfig.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubeconfig.scheduler
KubeconfigStatus contains information about the generated kubeconfig.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources
Kubernetes contains information about the reconciliation of the required Kubernetes resources deployed in the admin cluster
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesdeployment">deployment</a></b></td>
<td>object</td>
<td>
KubernetesDeploymentStatus defines the status for the Tenant Control Plane Deployment in the management cluster.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesingress">ingress</a></b></td>
<td>object</td>
<td>
KubernetesIngressStatus defines the status for the Tenant Control Plane Ingress in the management cluster.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesservice">service</a></b></td>
<td>object</td>
<td>
KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesversion">version</a></b></td>
<td>object</td>
<td>
KubernetesVersion contains the information regarding the running Kubernetes version, and its upgrade status.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.deployment
KubernetesDeploymentStatus defines the status for the Tenant Control Plane Deployment in the management cluster.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the Deployment for the given cluster.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
The namespace which the Deployment for the given cluster is deployed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>selector</b></td>
<td>string</td>
<td>
Selector is the label selector used to group the Tenant Control Plane Pods used by the scale subresource.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>availableReplicas</b></td>
<td>integer</td>
<td>
Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>collisionCount</b></td>
<td>integer</td>
<td>
Count of hash collisions for the Deployment. The Deployment controller uses this
field as a collision avoidance mechanism when it needs to create the name for the
newest ReplicaSet.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesdeploymentconditionsindex">conditions</a></b></td>
<td>[]object</td>
<td>
Represents the latest available observations of a deployment's current state.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
Last time when deployment was updated<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>observedGeneration</b></td>
<td>integer</td>
<td>
The generation observed by the deployment controller.<br/>
<br/>
<i>Format</i>: int64<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>readyReplicas</b></td>
<td>integer</td>
<td>
readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>replicas</b></td>
<td>integer</td>
<td>
Total number of non-terminated pods targeted by this deployment (their labels match the selector).<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>unavailableReplicas</b></td>
<td>integer</td>
<td>
Total number of unavailable pods targeted by this deployment. This is the total number of
pods that are still required for the deployment to have 100% available capacity. They may
either be pods that are running but not yet available or pods that still have not been created.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>updatedReplicas</b></td>
<td>integer</td>
<td>
Total number of non-terminated pods targeted by this deployment that have the desired template spec.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.deployment.conditions[index]
DeploymentCondition describes the state of a deployment at a certain point.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>status</b></td>
<td>string</td>
<td>
Status of the condition, one of True, False, Unknown.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
Type of deployment condition.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>lastTransitionTime</b></td>
<td>string</td>
<td>
Last time the condition transitioned from one status to another.<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdateTime</b></td>
<td>string</td>
<td>
The last time this condition was updated.<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>message</b></td>
<td>string</td>
<td>
A human readable message indicating details about the transition.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>reason</b></td>
<td>string</td>
<td>
The reason for the condition's last transition.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.ingress
KubernetesIngressStatus defines the status for the Tenant Control Plane Ingress in the management cluster.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the Ingress for the given cluster.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
The namespace which the Ingress for the given cluster is deployed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesingressloadbalancer">loadBalancer</a></b></td>
<td>object</td>
<td>
loadBalancer contains the current status of the load-balancer.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.ingress.loadBalancer
loadBalancer contains the current status of the load-balancer.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesingressloadbalanceringressindex">ingress</a></b></td>
<td>[]object</td>
<td>
ingress is a list containing ingress points for the load-balancer.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.ingress.loadBalancer.ingress[index]
IngressLoadBalancerIngress represents the status of a load-balancer ingress point.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>hostname</b></td>
<td>string</td>
<td>
hostname is set for load-balancer ingress points that are DNS based.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ip</b></td>
<td>string</td>
<td>
ip is set for load-balancer ingress points that are IP based.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesingressloadbalanceringressindexportsindex">ports</a></b></td>
<td>[]object</td>
<td>
ports provides information about the ports exposed by this LoadBalancer.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.ingress.loadBalancer.ingress[index].ports[index]
IngressPortStatus represents the error condition of a service port
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
port is the port number of the ingress port.<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>protocol</b></td>
<td>string</td>
<td>
protocol is the protocol of the ingress port.
The supported values are: "TCP", "UDP", "SCTP"<br/>
<br/>
<i>Default</i>: TCP<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>error</b></td>
<td>string</td>
<td>
error is to record the problem with the service port
The format of the error shall comply with the following rules:
- built-in error values shall be specified in this file and those shall use
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
---
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.service
KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the Service for the given cluster.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>namespace</b></td>
<td>string</td>
<td>
The namespace which the Service for the given cluster is deployed.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
The port where the service is running<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesserviceconditionsindex">conditions</a></b></td>
<td>[]object</td>
<td>
Current service state<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesserviceloadbalancer">loadBalancer</a></b></td>
<td>object</td>
<td>
LoadBalancer contains the current status of the load-balancer,
if one is present.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.service.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
---
This struct is intended for direct use as an array at the field path .status.conditions. For example,
type FooStatus struct{
// Represents the observations of a foo's current state.
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
// other fields
}
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>lastTransitionTime</b></td>
<td>string</td>
<td>
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>message</b></td>
<td>string</td>
<td>
message is a human readable message indicating details about the transition.
This may be an empty string.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>reason</b></td>
<td>string</td>
<td>
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>status</b></td>
<td>enum</td>
<td>
status of the condition, one of True, False, Unknown.<br/>
<br/>
<i>Enum</i>: True, False, Unknown<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>type</b></td>
<td>string</td>
<td>
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>observedGeneration</b></td>
<td>integer</td>
<td>
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.<br/>
<br/>
<i>Format</i>: int64<br/>
<i>Minimum</i>: 0<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.service.loadBalancer
LoadBalancer contains the current status of the load-balancer,
if one is present.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesserviceloadbalanceringressindex">ingress</a></b></td>
<td>[]object</td>
<td>
Ingress is a list containing ingress points for the load-balancer.
Traffic intended for the service should be sent to these ingress points.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.service.loadBalancer.ingress[index]
LoadBalancerIngress represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>hostname</b></td>
<td>string</td>
<td>
Hostname is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ip</b></td>
<td>string</td>
<td>
IP is set for load-balancer ingress points that are IP based
(typically GCE or OpenStack load-balancers)<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>ipMode</b></td>
<td>string</td>
<td>
IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
Setting this to "VIP" indicates that traffic is delivered to the node with
the destination set to the load-balancer's IP and port.
Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
the destination set to the node's IP and node port or the pod's IP and port.
Service implementations may use this information to adjust traffic routing.<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatuskubernetesresourcesserviceloadbalanceringressindexportsindex">ports</a></b></td>
<td>[]object</td>
<td>
Ports is a list of records of service ports
If used, every port defined in the service should have an entry in it<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.service.loadBalancer.ingress[index].ports[index]
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>port</b></td>
<td>integer</td>
<td>
Port is the port number of the service port of which status is recorded here<br/>
<br/>
<i>Format</i>: int32<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>protocol</b></td>
<td>string</td>
<td>
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"<br/>
<br/>
<i>Default</i>: TCP<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>error</b></td>
<td>string</td>
<td>
Error is to record the problem with the service port
The format of the error shall comply with the following rules:
- built-in error values shall be specified in this file and those shall use
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
---
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.kubernetesResources.version
KubernetesVersion contains the information regarding the running Kubernetes version, and its upgrade status.
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>status</b></td>
<td>enum</td>
<td>
Status returns the current status of the Kubernetes version, such as its provisioning state, or completed upgrade.<br/>
<br/>
<i>Enum</i>: Provisioning, CertificateAuthorityRotating, Upgrading, Migrating, Ready, NotReady<br/>
<i>Default</i>: Provisioning<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>version</b></td>
<td>string</td>
<td>
Version is the running Kubernetes version of the Tenant Control Plane.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.storage
Storage Status contains information about Kubernetes storage system
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#tenantcontrolplanestatusstoragecertificate">certificate</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusstorageconfig">config</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>dataStoreName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>driver</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#tenantcontrolplanestatusstoragesetup">setup</a></b></td>
<td>object</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.storage.certificate
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.storage.config
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>secretName</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
### TenantControlPlane.status.storage.setup
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>checksum</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>lastUpdate</b></td>
<td>string</td>
<td>
<br/>
<br/>
<i>Format</i>: date-time<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>schema</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>user</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr></tbody>
</table>
Reference in New Issue View Git Blame Copy Permalink