| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  | apiVersion: apiextensions.k8s.io/v1
 | 
					
						
							|  |  |  | kind: CustomResourceDefinition
 | 
					
						
							|  |  |  | metadata:
 | 
					
						
							|  |  |  |   annotations:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |     controller-gen.kubebuilder.io/version: v0.15.1-0.20240618033008-7824932b0cab
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |   name: proxyclasses.tailscale.com
 | 
					
						
							|  |  |  | spec:
 | 
					
						
							|  |  |  |   group: tailscale.com
 | 
					
						
							|  |  |  |   names:
 | 
					
						
							|  |  |  |     kind: ProxyClass
 | 
					
						
							|  |  |  |     listKind: ProxyClassList
 | 
					
						
							|  |  |  |     plural: proxyclasses
 | 
					
						
							|  |  |  |     singular: proxyclass
 | 
					
						
							|  |  |  |   scope: Cluster
 | 
					
						
							|  |  |  |   versions:
 | 
					
						
							|  |  |  |     - additionalPrinterColumns:
 | 
					
						
							|  |  |  |         - description: Status of the ProxyClass.
 | 
					
						
							|  |  |  |           jsonPath: .status.conditions[?(@.type == "ProxyClassReady")].reason
 | 
					
						
							|  |  |  |           name: Status
 | 
					
						
							|  |  |  |           type: string
 | 
					
						
							|  |  |  |       name: v1alpha1
 | 
					
						
							|  |  |  |       schema:
 | 
					
						
							|  |  |  |         openAPIV3Schema:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |           description: |-
 | 
					
						
							|  |  |  |             ProxyClass describes a set of configuration parameters that can be applied to
 | 
					
						
							|  |  |  |             proxy resources created by the Tailscale Kubernetes operator.
 | 
					
						
							|  |  |  |             To apply a given ProxyClass to resources created for a tailscale Ingress or
 | 
					
						
							|  |  |  |             Service, use tailscale.com/proxy-class=<proxyclass-name> label. To apply a
 | 
					
						
							|  |  |  |             given ProxyClass to resources created for a Connector, use
 | 
					
						
							|  |  |  |             connector.spec.proxyClass field.
 | 
					
						
							|  |  |  |             ProxyClass is a cluster scoped resource.
 | 
					
						
							|  |  |  |             More info:
 | 
					
						
							|  |  |  |             https://tailscale.com/kb/1236/kubernetes-operator#cluster-resource-customization-using-proxyclass-custom-resource.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |           type: object
 | 
					
						
							|  |  |  |           required:
 | 
					
						
							|  |  |  |             - spec
 | 
					
						
							|  |  |  |           properties:
 | 
					
						
							|  |  |  |             apiVersion:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |               description: |-
 | 
					
						
							|  |  |  |                 APIVersion defines the versioned schema of this representation of an object.
 | 
					
						
							|  |  |  |                 Servers should convert recognized schemas to the latest internal value, and
 | 
					
						
							|  |  |  |                 may reject unrecognized values.
 | 
					
						
							|  |  |  |                 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |               type: string
 | 
					
						
							|  |  |  |             kind:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |               description: |-
 | 
					
						
							|  |  |  |                 Kind is a string value representing the REST resource this object represents.
 | 
					
						
							|  |  |  |                 Servers may infer this from the endpoint the client submits requests to.
 | 
					
						
							|  |  |  |                 Cannot be updated.
 | 
					
						
							|  |  |  |                 In CamelCase.
 | 
					
						
							|  |  |  |                 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |               type: string
 | 
					
						
							|  |  |  |             metadata:
 | 
					
						
							|  |  |  |               type: object
 | 
					
						
							|  |  |  |             spec:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |               description: |-
 | 
					
						
							|  |  |  |                 Specification of the desired state of the ProxyClass resource.
 | 
					
						
							|  |  |  |                 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |               type: object
 | 
					
						
							|  |  |  |               properties:
 | 
					
						
							| 
									
										
										
										
											2024-04-26 08:25:06 +01:00
										 |  |  |                 metrics:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                   description: |-
 | 
					
						
							|  |  |  |                     Configuration for proxy metrics. Metrics are currently not supported
 | 
					
						
							|  |  |  |                     for egress proxies and for Ingress proxies that have been configured
 | 
					
						
							|  |  |  |                     with tailscale.com/experimental-forward-cluster-traffic-via-ingress
 | 
					
						
							|  |  |  |                     annotation. Note that the metrics are currently considered unstable
 | 
					
						
							|  |  |  |                     and will likely change in breaking ways in the future - we only
 | 
					
						
							|  |  |  |                     recommend that you use those for debugging purposes.
 | 
					
						
							| 
									
										
										
										
											2024-04-26 08:25:06 +01:00
										 |  |  |                   type: object
 | 
					
						
							|  |  |  |                   required:
 | 
					
						
							|  |  |  |                     - enable
 | 
					
						
							|  |  |  |                   properties:
 | 
					
						
							|  |  |  |                     enable:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                       description: |-
 | 
					
						
							|  |  |  |                         Setting enable to true will make the proxy serve Tailscale metrics
 | 
					
						
							|  |  |  |                         at <pod-ip>:9001/debug/metrics.
 | 
					
						
							|  |  |  |                         Defaults to false.
 | 
					
						
							| 
									
										
										
										
											2024-04-26 08:25:06 +01:00
										 |  |  |                       type: boolean
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                 statefulSet:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                   description: |-
 | 
					
						
							|  |  |  |                     Configuration parameters for the proxy's StatefulSet. Tailscale
 | 
					
						
							|  |  |  |                     Kubernetes operator deploys a StatefulSet for each of the user
 | 
					
						
							|  |  |  |                     configured proxies (Tailscale Ingress, Tailscale Service, Connector).
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                   type: object
 | 
					
						
							|  |  |  |                   properties:
 | 
					
						
							|  |  |  |                     annotations:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                       description: |-
 | 
					
						
							|  |  |  |                         Annotations that will be added to the StatefulSet created for the proxy.
 | 
					
						
							|  |  |  |                         Any Annotations specified here will be merged with the default annotations
 | 
					
						
							|  |  |  |                         applied to the StatefulSet by the Tailscale Kubernetes operator as
 | 
					
						
							|  |  |  |                         well as any other annotations that might have been applied by other
 | 
					
						
							|  |  |  |                         actors.
 | 
					
						
							|  |  |  |                         Annotations must be valid Kubernetes annotations.
 | 
					
						
							|  |  |  |                         https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       type: object
 | 
					
						
							|  |  |  |                       additionalProperties:
 | 
					
						
							|  |  |  |                         type: string
 | 
					
						
							|  |  |  |                     labels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                       description: |-
 | 
					
						
							|  |  |  |                         Labels that will be added to the StatefulSet created for the proxy.
 | 
					
						
							|  |  |  |                         Any labels specified here will be merged with the default labels
 | 
					
						
							|  |  |  |                         applied to the StatefulSet by the Tailscale Kubernetes operator as
 | 
					
						
							|  |  |  |                         well as any other labels that might have been applied by other
 | 
					
						
							|  |  |  |                         actors.
 | 
					
						
							|  |  |  |                         Label keys and values must be valid Kubernetes label keys and values.
 | 
					
						
							|  |  |  |                         https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       type: object
 | 
					
						
							|  |  |  |                       additionalProperties:
 | 
					
						
							|  |  |  |                         type: string
 | 
					
						
							|  |  |  |                     pod:
 | 
					
						
							|  |  |  |                       description: Configuration for the proxy Pod.
 | 
					
						
							|  |  |  |                       type: object
 | 
					
						
							|  |  |  |                       properties:
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                         affinity:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's affinity rules.
 | 
					
						
							|  |  |  |                             By default, the Tailscale Kubernetes operator does not apply any affinity rules.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#affinity
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                           type: object
 | 
					
						
							|  |  |  |                           properties:
 | 
					
						
							|  |  |  |                             nodeAffinity:
 | 
					
						
							|  |  |  |                               description: Describes node affinity scheduling rules for the pod.
 | 
					
						
							|  |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 preferredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The scheduler will prefer to schedule pods to nodes that satisfy
 | 
					
						
							|  |  |  |                                     the affinity expressions specified by this field, but it may choose
 | 
					
						
							|  |  |  |                                     a node that violates one or more of the expressions. The node that is
 | 
					
						
							|  |  |  |                                     most preferred is the one with the greatest sum of weights, i.e.
 | 
					
						
							|  |  |  |                                     for each node that meets all of the scheduling requirements (resource
 | 
					
						
							|  |  |  |                                     request, requiredDuringScheduling affinity expressions, etc.),
 | 
					
						
							|  |  |  |                                     compute a sum by iterating through the elements of this field and adding
 | 
					
						
							|  |  |  |                                     "weight" to the sum if the node matches the corresponding matchExpressions; the
 | 
					
						
							|  |  |  |                                     node(s) with the highest sum are the most preferred.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                     description: |-
 | 
					
						
							|  |  |  |                                       An empty preferred scheduling term matches all objects with implicit weight 0
 | 
					
						
							|  |  |  |                                       (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - preference
 | 
					
						
							|  |  |  |                                       - weight
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       preference:
 | 
					
						
							|  |  |  |                                         description: A node selector term, associated with the corresponding weight.
 | 
					
						
							|  |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: A list of node selector requirements by node's labels.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A node selector requirement is a selector that contains values, a key, and an operator
 | 
					
						
							|  |  |  |                                                 that relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: The label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     Represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     An array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. If the operator is Gt or Lt, the values
 | 
					
						
							|  |  |  |                                                     array must have a single element, which will be interpreted as an integer.
 | 
					
						
							|  |  |  |                                                     This array is replaced during a strategic merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchFields:
 | 
					
						
							|  |  |  |                                             description: A list of node selector requirements by node's fields.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A node selector requirement is a selector that contains values, a key, and an operator
 | 
					
						
							|  |  |  |                                                 that relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: The label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     Represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     An array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. If the operator is Gt or Lt, the values
 | 
					
						
							|  |  |  |                                                     array must have a single element, which will be interpreted as an integer.
 | 
					
						
							|  |  |  |                                                     This array is replaced during a strategic merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                       weight:
 | 
					
						
							|  |  |  |                                         description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
 | 
					
						
							|  |  |  |                                         type: integer
 | 
					
						
							|  |  |  |                                         format: int32
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                 requiredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     If the affinity requirements specified by this field are not met at
 | 
					
						
							|  |  |  |                                     scheduling time, the pod will not be scheduled onto the node.
 | 
					
						
							|  |  |  |                                     If the affinity requirements specified by this field cease to be met
 | 
					
						
							|  |  |  |                                     at some point during pod execution (e.g. due to an update), the system
 | 
					
						
							|  |  |  |                                     may or may not try to eventually evict the pod from its node.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   required:
 | 
					
						
							|  |  |  |                                     - nodeSelectorTerms
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     nodeSelectorTerms:
 | 
					
						
							|  |  |  |                                       description: Required. A list of node selector terms. The terms are ORed.
 | 
					
						
							|  |  |  |                                       type: array
 | 
					
						
							|  |  |  |                                       items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           A null or empty node selector term matches no objects. The requirements of
 | 
					
						
							|  |  |  |                                           them are ANDed.
 | 
					
						
							|  |  |  |                                           The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: A list of node selector requirements by node's labels.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A node selector requirement is a selector that contains values, a key, and an operator
 | 
					
						
							|  |  |  |                                                 that relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: The label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     Represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     An array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. If the operator is Gt or Lt, the values
 | 
					
						
							|  |  |  |                                                     array must have a single element, which will be interpreted as an integer.
 | 
					
						
							|  |  |  |                                                     This array is replaced during a strategic merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchFields:
 | 
					
						
							|  |  |  |                                             description: A list of node selector requirements by node's fields.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A node selector requirement is a selector that contains values, a key, and an operator
 | 
					
						
							|  |  |  |                                                 that relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: The label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     Represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     An array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. If the operator is Gt or Lt, the values
 | 
					
						
							|  |  |  |                                                     array must have a single element, which will be interpreted as an integer.
 | 
					
						
							|  |  |  |                                                     This array is replaced during a strategic merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                             podAffinity:
 | 
					
						
							|  |  |  |                               description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
 | 
					
						
							|  |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 preferredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The scheduler will prefer to schedule pods to nodes that satisfy
 | 
					
						
							|  |  |  |                                     the affinity expressions specified by this field, but it may choose
 | 
					
						
							|  |  |  |                                     a node that violates one or more of the expressions. The node that is
 | 
					
						
							|  |  |  |                                     most preferred is the one with the greatest sum of weights, i.e.
 | 
					
						
							|  |  |  |                                     for each node that meets all of the scheduling requirements (resource
 | 
					
						
							|  |  |  |                                     request, requiredDuringScheduling affinity expressions, etc.),
 | 
					
						
							|  |  |  |                                     compute a sum by iterating through the elements of this field and adding
 | 
					
						
							|  |  |  |                                     "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
 | 
					
						
							|  |  |  |                                     node(s) with the highest sum are the most preferred.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							|  |  |  |                                     description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
 | 
					
						
							|  |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - podAffinityTerm
 | 
					
						
							|  |  |  |                                       - weight
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       podAffinityTerm:
 | 
					
						
							|  |  |  |                                         description: Required. A pod affinity term, associated with the corresponding weight.
 | 
					
						
							|  |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         required:
 | 
					
						
							|  |  |  |                                           - topologyKey
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           labelSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               A label query over a set of resources, in this case pods.
 | 
					
						
							|  |  |  |                                               If it's null, this PodAffinityTerm matches with no Pods.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             properties:
 | 
					
						
							|  |  |  |                                               matchExpressions:
 | 
					
						
							|  |  |  |                                                 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                                 type: array
 | 
					
						
							|  |  |  |                                                 items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                     relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: object
 | 
					
						
							|  |  |  |                                                   required:
 | 
					
						
							|  |  |  |                                                     - key
 | 
					
						
							|  |  |  |                                                     - operator
 | 
					
						
							|  |  |  |                                                   properties:
 | 
					
						
							|  |  |  |                                                     key:
 | 
					
						
							|  |  |  |                                                       description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                         Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                         the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                         the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                         merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: array
 | 
					
						
							|  |  |  |                                                       items:
 | 
					
						
							|  |  |  |                                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                                 x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                 description: |-
 | 
					
						
							|  |  |  |                                                   matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                                   map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                                   operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                 type: object
 | 
					
						
							|  |  |  |                                                 additionalProperties:
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                           matchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               MatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                               be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                               incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
 | 
					
						
							|  |  |  |                                               to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                               for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                               pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                               This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                           mismatchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               MismatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                               be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                               incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
 | 
					
						
							|  |  |  |                                               to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                               for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                               pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                               This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                           namespaceSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               A label query over the set of namespaces that the term applies to.
 | 
					
						
							|  |  |  |                                               The term is applied to the union of the namespaces selected by this field
 | 
					
						
							|  |  |  |                                               and the ones listed in the namespaces field.
 | 
					
						
							|  |  |  |                                               null selector and null or empty namespaces list means "this pod's namespace".
 | 
					
						
							|  |  |  |                                               An empty selector ({}) matches all namespaces.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             properties:
 | 
					
						
							|  |  |  |                                               matchExpressions:
 | 
					
						
							|  |  |  |                                                 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                                 type: array
 | 
					
						
							|  |  |  |                                                 items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                     relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: object
 | 
					
						
							|  |  |  |                                                   required:
 | 
					
						
							|  |  |  |                                                     - key
 | 
					
						
							|  |  |  |                                                     - operator
 | 
					
						
							|  |  |  |                                                   properties:
 | 
					
						
							|  |  |  |                                                     key:
 | 
					
						
							|  |  |  |                                                       description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                         Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                         the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                         the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                         merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: array
 | 
					
						
							|  |  |  |                                                       items:
 | 
					
						
							|  |  |  |                                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                                 x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                 description: |-
 | 
					
						
							|  |  |  |                                                   matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                                   map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                                   operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                 type: object
 | 
					
						
							|  |  |  |                                                 additionalProperties:
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                           namespaces:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               namespaces specifies a static list of namespace names that the term applies to.
 | 
					
						
							|  |  |  |                                               The term is applied to the union of the namespaces listed in this field
 | 
					
						
							|  |  |  |                                               and the ones selected by namespaceSelector.
 | 
					
						
							|  |  |  |                                               null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           topologyKey:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
 | 
					
						
							|  |  |  |                                               the labelSelector in the specified namespaces, where co-located is defined as running on a node
 | 
					
						
							|  |  |  |                                               whose value of the label with key topologyKey matches that of any node on which any of the
 | 
					
						
							|  |  |  |                                               selected pods is running.
 | 
					
						
							|  |  |  |                                               Empty topologyKey is not allowed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: string
 | 
					
						
							|  |  |  |                                       weight:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           weight associated with matching the corresponding podAffinityTerm,
 | 
					
						
							|  |  |  |                                           in the range 1-100.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: integer
 | 
					
						
							|  |  |  |                                         format: int32
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                 requiredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     If the affinity requirements specified by this field are not met at
 | 
					
						
							|  |  |  |                                     scheduling time, the pod will not be scheduled onto the node.
 | 
					
						
							|  |  |  |                                     If the affinity requirements specified by this field cease to be met
 | 
					
						
							|  |  |  |                                     at some point during pod execution (e.g. due to a pod label update), the
 | 
					
						
							|  |  |  |                                     system may or may not try to eventually evict the pod from its node.
 | 
					
						
							|  |  |  |                                     When there are multiple elements, the lists of nodes corresponding to each
 | 
					
						
							|  |  |  |                                     podAffinityTerm are intersected, i.e. all terms must be satisfied.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                     description: |-
 | 
					
						
							|  |  |  |                                       Defines a set of pods (namely those matching the labelSelector
 | 
					
						
							|  |  |  |                                       relative to the given namespace(s)) that this pod should be
 | 
					
						
							|  |  |  |                                       co-located (affinity) or not co-located (anti-affinity) with,
 | 
					
						
							|  |  |  |                                       where co-located is defined as running on a node whose value of
 | 
					
						
							|  |  |  |                                       the label with key <topologyKey> matches that of any node on which
 | 
					
						
							|  |  |  |                                       a pod of the set of pods is running
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - topologyKey
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       labelSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           A label query over a set of resources, in this case pods.
 | 
					
						
							|  |  |  |                                           If it's null, this PodAffinityTerm matches with no Pods.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                 relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                     merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                               map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                               operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             additionalProperties:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                       matchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           MatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                           be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                           incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
 | 
					
						
							|  |  |  |                                           to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                           for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                           pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                           This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                       mismatchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           MismatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                           be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                           incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
 | 
					
						
							|  |  |  |                                           to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                           for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                           pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                           This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                       namespaceSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           A label query over the set of namespaces that the term applies to.
 | 
					
						
							|  |  |  |                                           The term is applied to the union of the namespaces selected by this field
 | 
					
						
							|  |  |  |                                           and the ones listed in the namespaces field.
 | 
					
						
							|  |  |  |                                           null selector and null or empty namespaces list means "this pod's namespace".
 | 
					
						
							|  |  |  |                                           An empty selector ({}) matches all namespaces.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                 relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                     merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                               map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                               operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             additionalProperties:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                       namespaces:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           namespaces specifies a static list of namespace names that the term applies to.
 | 
					
						
							|  |  |  |                                           The term is applied to the union of the namespaces listed in this field
 | 
					
						
							|  |  |  |                                           and the ones selected by namespaceSelector.
 | 
					
						
							|  |  |  |                                           null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                       topologyKey:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
 | 
					
						
							|  |  |  |                                           the labelSelector in the specified namespaces, where co-located is defined as running on a node
 | 
					
						
							|  |  |  |                                           whose value of the label with key topologyKey matches that of any node on which any of the
 | 
					
						
							|  |  |  |                                           selected pods is running.
 | 
					
						
							|  |  |  |                                           Empty topologyKey is not allowed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                             podAntiAffinity:
 | 
					
						
							|  |  |  |                               description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
 | 
					
						
							|  |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 preferredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The scheduler will prefer to schedule pods to nodes that satisfy
 | 
					
						
							|  |  |  |                                     the anti-affinity expressions specified by this field, but it may choose
 | 
					
						
							|  |  |  |                                     a node that violates one or more of the expressions. The node that is
 | 
					
						
							|  |  |  |                                     most preferred is the one with the greatest sum of weights, i.e.
 | 
					
						
							|  |  |  |                                     for each node that meets all of the scheduling requirements (resource
 | 
					
						
							|  |  |  |                                     request, requiredDuringScheduling anti-affinity expressions, etc.),
 | 
					
						
							|  |  |  |                                     compute a sum by iterating through the elements of this field and adding
 | 
					
						
							|  |  |  |                                     "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
 | 
					
						
							|  |  |  |                                     node(s) with the highest sum are the most preferred.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							|  |  |  |                                     description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
 | 
					
						
							|  |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - podAffinityTerm
 | 
					
						
							|  |  |  |                                       - weight
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       podAffinityTerm:
 | 
					
						
							|  |  |  |                                         description: Required. A pod affinity term, associated with the corresponding weight.
 | 
					
						
							|  |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         required:
 | 
					
						
							|  |  |  |                                           - topologyKey
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           labelSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               A label query over a set of resources, in this case pods.
 | 
					
						
							|  |  |  |                                               If it's null, this PodAffinityTerm matches with no Pods.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             properties:
 | 
					
						
							|  |  |  |                                               matchExpressions:
 | 
					
						
							|  |  |  |                                                 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                                 type: array
 | 
					
						
							|  |  |  |                                                 items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                     relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: object
 | 
					
						
							|  |  |  |                                                   required:
 | 
					
						
							|  |  |  |                                                     - key
 | 
					
						
							|  |  |  |                                                     - operator
 | 
					
						
							|  |  |  |                                                   properties:
 | 
					
						
							|  |  |  |                                                     key:
 | 
					
						
							|  |  |  |                                                       description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                         Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                         the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                         the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                         merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: array
 | 
					
						
							|  |  |  |                                                       items:
 | 
					
						
							|  |  |  |                                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                                 x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                 description: |-
 | 
					
						
							|  |  |  |                                                   matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                                   map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                                   operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                 type: object
 | 
					
						
							|  |  |  |                                                 additionalProperties:
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                           matchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               MatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                               be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                               incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
 | 
					
						
							|  |  |  |                                               to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                               for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                               pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                               This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                           mismatchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               MismatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                               be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                               incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
 | 
					
						
							|  |  |  |                                               to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                               for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                               pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                               This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                           namespaceSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               A label query over the set of namespaces that the term applies to.
 | 
					
						
							|  |  |  |                                               The term is applied to the union of the namespaces selected by this field
 | 
					
						
							|  |  |  |                                               and the ones listed in the namespaces field.
 | 
					
						
							|  |  |  |                                               null selector and null or empty namespaces list means "this pod's namespace".
 | 
					
						
							|  |  |  |                                               An empty selector ({}) matches all namespaces.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             properties:
 | 
					
						
							|  |  |  |                                               matchExpressions:
 | 
					
						
							|  |  |  |                                                 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                                 type: array
 | 
					
						
							|  |  |  |                                                 items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                     relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: object
 | 
					
						
							|  |  |  |                                                   required:
 | 
					
						
							|  |  |  |                                                     - key
 | 
					
						
							|  |  |  |                                                     - operator
 | 
					
						
							|  |  |  |                                                   properties:
 | 
					
						
							|  |  |  |                                                     key:
 | 
					
						
							|  |  |  |                                                       description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                         Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: string
 | 
					
						
							|  |  |  |                                                     values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       description: |-
 | 
					
						
							|  |  |  |                                                         values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                         the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                         the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                         merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                       type: array
 | 
					
						
							|  |  |  |                                                       items:
 | 
					
						
							|  |  |  |                                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                       x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                                 x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                 description: |-
 | 
					
						
							|  |  |  |                                                   matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                                   map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                                   operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                 type: object
 | 
					
						
							|  |  |  |                                                 additionalProperties:
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                             x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                           namespaces:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               namespaces specifies a static list of namespace names that the term applies to.
 | 
					
						
							|  |  |  |                                               The term is applied to the union of the namespaces listed in this field
 | 
					
						
							|  |  |  |                                               and the ones selected by namespaceSelector.
 | 
					
						
							|  |  |  |                                               null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           topologyKey:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
 | 
					
						
							|  |  |  |                                               the labelSelector in the specified namespaces, where co-located is defined as running on a node
 | 
					
						
							|  |  |  |                                               whose value of the label with key topologyKey matches that of any node on which any of the
 | 
					
						
							|  |  |  |                                               selected pods is running.
 | 
					
						
							|  |  |  |                                               Empty topologyKey is not allowed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: string
 | 
					
						
							|  |  |  |                                       weight:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           weight associated with matching the corresponding podAffinityTerm,
 | 
					
						
							|  |  |  |                                           in the range 1-100.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: integer
 | 
					
						
							|  |  |  |                                         format: int32
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                 requiredDuringSchedulingIgnoredDuringExecution:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     If the anti-affinity requirements specified by this field are not met at
 | 
					
						
							|  |  |  |                                     scheduling time, the pod will not be scheduled onto the node.
 | 
					
						
							|  |  |  |                                     If the anti-affinity requirements specified by this field cease to be met
 | 
					
						
							|  |  |  |                                     at some point during pod execution (e.g. due to a pod label update), the
 | 
					
						
							|  |  |  |                                     system may or may not try to eventually evict the pod from its node.
 | 
					
						
							|  |  |  |                                     When there are multiple elements, the lists of nodes corresponding to each
 | 
					
						
							|  |  |  |                                     podAffinityTerm are intersected, i.e. all terms must be satisfied.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                     description: |-
 | 
					
						
							|  |  |  |                                       Defines a set of pods (namely those matching the labelSelector
 | 
					
						
							|  |  |  |                                       relative to the given namespace(s)) that this pod should be
 | 
					
						
							|  |  |  |                                       co-located (affinity) or not co-located (anti-affinity) with,
 | 
					
						
							|  |  |  |                                       where co-located is defined as running on a node whose value of
 | 
					
						
							|  |  |  |                                       the label with key <topologyKey> matches that of any node on which
 | 
					
						
							|  |  |  |                                       a pod of the set of pods is running
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - topologyKey
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       labelSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           A label query over a set of resources, in this case pods.
 | 
					
						
							|  |  |  |                                           If it's null, this PodAffinityTerm matches with no Pods.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                 relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                     merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                               map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                               operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             additionalProperties:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                       matchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           MatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                           be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                           incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
 | 
					
						
							|  |  |  |                                           to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                           for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                           pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                           This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                       mismatchLabelKeys:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           MismatchLabelKeys is a set of pod label keys to select which pods will
 | 
					
						
							|  |  |  |                                           be taken into consideration. The keys are used to lookup values from the
 | 
					
						
							|  |  |  |                                           incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
 | 
					
						
							|  |  |  |                                           to select the group of existing pods which pods will be taken into consideration
 | 
					
						
							|  |  |  |                                           for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
 | 
					
						
							|  |  |  |                                           pod labels will be ignored. The default value is empty.
 | 
					
						
							|  |  |  |                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 | 
					
						
							|  |  |  |                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
 | 
					
						
							|  |  |  |                                           This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                       namespaceSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           A label query over the set of namespaces that the term applies to.
 | 
					
						
							|  |  |  |                                           The term is applied to the union of the namespaces selected by this field
 | 
					
						
							|  |  |  |                                           and the ones listed in the namespaces field.
 | 
					
						
							|  |  |  |                                           null selector and null or empty namespaces list means "this pod's namespace".
 | 
					
						
							|  |  |  |                                           An empty selector ({}) matches all namespaces.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: object
 | 
					
						
							|  |  |  |                                         properties:
 | 
					
						
							|  |  |  |                                           matchExpressions:
 | 
					
						
							|  |  |  |                                             description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | 
					
						
							|  |  |  |                                             type: array
 | 
					
						
							|  |  |  |                                             items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                               description: |-
 | 
					
						
							|  |  |  |                                                 A label selector requirement is a selector that contains values, a key, and an operator that
 | 
					
						
							|  |  |  |                                                 relates the key and values.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                               type: object
 | 
					
						
							|  |  |  |                                               required:
 | 
					
						
							|  |  |  |                                                 - key
 | 
					
						
							|  |  |  |                                                 - operator
 | 
					
						
							|  |  |  |                                               properties:
 | 
					
						
							|  |  |  |                                                 key:
 | 
					
						
							|  |  |  |                                                   description: key is the label key that the selector applies to.
 | 
					
						
							|  |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     operator represents a key's relationship to a set of values.
 | 
					
						
							|  |  |  |                                                     Valid operators are In, NotIn, Exists and DoesNotExist.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: string
 | 
					
						
							|  |  |  |                                                 values:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   description: |-
 | 
					
						
							|  |  |  |                                                     values is an array of string values. If the operator is In or NotIn,
 | 
					
						
							|  |  |  |                                                     the values array must be non-empty. If the operator is Exists or DoesNotExist,
 | 
					
						
							|  |  |  |                                                     the values array must be empty. This array is replaced during a strategic
 | 
					
						
							|  |  |  |                                                     merge patch.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                                   type: array
 | 
					
						
							|  |  |  |                                                   items:
 | 
					
						
							|  |  |  |                                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                                   x-kubernetes-list-type: atomic
 | 
					
						
							|  |  |  |                                             x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                           matchLabels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                             description: |-
 | 
					
						
							|  |  |  |                                               matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
 | 
					
						
							|  |  |  |                                               map is equivalent to an element of matchExpressions, whose key field is "key", the
 | 
					
						
							|  |  |  |                                               operator is "In", and the values array contains only "value". The requirements are ANDed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                             type: object
 | 
					
						
							|  |  |  |                                             additionalProperties:
 | 
					
						
							|  |  |  |                                               type: string
 | 
					
						
							|  |  |  |                                         x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                                       namespaces:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           namespaces specifies a static list of namespace names that the term applies to.
 | 
					
						
							|  |  |  |                                           The term is applied to the union of the namespaces listed in this field
 | 
					
						
							|  |  |  |                                           and the ones selected by namespaceSelector.
 | 
					
						
							|  |  |  |                                           null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: array
 | 
					
						
							|  |  |  |                                         items:
 | 
					
						
							|  |  |  |                                           type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                       topologyKey:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
 | 
					
						
							|  |  |  |                                           the labelSelector in the specified namespaces, where co-located is defined as running on a node
 | 
					
						
							|  |  |  |                                           whose value of the label with key topologyKey matches that of any node on which any of the
 | 
					
						
							|  |  |  |                                           selected pods is running.
 | 
					
						
							|  |  |  |                                           Empty topologyKey is not allowed.
 | 
					
						
							| 
									
										
										
										
											2024-04-24 09:31:35 -07:00
										 |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         annotations:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Annotations that will be added to the proxy Pod.
 | 
					
						
							|  |  |  |                             Any annotations specified here will be merged with the default
 | 
					
						
							|  |  |  |                             annotations applied to the Pod by the Tailscale Kubernetes operator.
 | 
					
						
							|  |  |  |                             Annotations must be valid Kubernetes annotations.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: object
 | 
					
						
							|  |  |  |                           additionalProperties:
 | 
					
						
							|  |  |  |                             type: string
 | 
					
						
							|  |  |  |                         imagePullSecrets:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's image pull Secrets.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: array
 | 
					
						
							|  |  |  |                           items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                             description: |-
 | 
					
						
							|  |  |  |                               LocalObjectReference contains enough information to let you locate the
 | 
					
						
							|  |  |  |                               referenced object inside the same namespace.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             type: object
 | 
					
						
							|  |  |  |                             properties:
 | 
					
						
							|  |  |  |                               name:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   Name of the referent.
 | 
					
						
							|  |  |  |                                   This field is effectively required, but due to backwards compatibility is
 | 
					
						
							|  |  |  |                                   allowed to be empty. Instances of this type with an empty value here are
 | 
					
						
							|  |  |  |                                   almost certainly wrong.
 | 
					
						
							|  |  |  |                                   More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 default: ""
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             x-kubernetes-map-type: atomic
 | 
					
						
							|  |  |  |                         labels:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Labels that will be added to the proxy Pod.
 | 
					
						
							|  |  |  |                             Any labels specified here will be merged with the default labels
 | 
					
						
							|  |  |  |                             applied to the Pod by the Tailscale Kubernetes operator.
 | 
					
						
							|  |  |  |                             Label keys and values must be valid Kubernetes label keys and values.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: object
 | 
					
						
							|  |  |  |                           additionalProperties:
 | 
					
						
							|  |  |  |                             type: string
 | 
					
						
							|  |  |  |                         nodeName:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's node name.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: string
 | 
					
						
							|  |  |  |                         nodeSelector:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's node selector.
 | 
					
						
							|  |  |  |                             By default Tailscale Kubernetes operator does not apply any node
 | 
					
						
							|  |  |  |                             selector.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: object
 | 
					
						
							|  |  |  |                           additionalProperties:
 | 
					
						
							|  |  |  |                             type: string
 | 
					
						
							|  |  |  |                         securityContext:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's security context.
 | 
					
						
							|  |  |  |                             By default Tailscale Kubernetes operator does not apply any Pod
 | 
					
						
							|  |  |  |                             security context.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-2
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: object
 | 
					
						
							|  |  |  |                           properties:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                             appArmorProfile:
 | 
					
						
							|  |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 appArmorProfile is the AppArmor options to use by the containers in this pod.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							|  |  |  |                               type: object
 | 
					
						
							|  |  |  |                               required:
 | 
					
						
							|  |  |  |                                 - type
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 localhostProfile:
 | 
					
						
							|  |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     localhostProfile indicates a profile loaded on the node that should be used.
 | 
					
						
							|  |  |  |                                     The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                     Must match the loaded name of the profile.
 | 
					
						
							|  |  |  |                                     Must be set if and only if type is "Localhost".
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 type:
 | 
					
						
							|  |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     type indicates which kind of AppArmor profile will be applied.
 | 
					
						
							|  |  |  |                                     Valid options are:
 | 
					
						
							|  |  |  |                                       Localhost - a profile pre-loaded on the node.
 | 
					
						
							|  |  |  |                                       RuntimeDefault - the container runtime's default profile.
 | 
					
						
							|  |  |  |                                       Unconfined - no AppArmor enforcement.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             fsGroup:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 A special supplemental group that applies to all containers in a pod.
 | 
					
						
							|  |  |  |                                 Some volume types allow the Kubelet to change the ownership of that volume
 | 
					
						
							|  |  |  |                                 to be owned by the pod:
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                 1. The owning GID will be the FSGroup
 | 
					
						
							|  |  |  |                                 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 | 
					
						
							|  |  |  |                                 3. The permission bits are OR'd with rw-rw----
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: integer
 | 
					
						
							|  |  |  |                               format: int64
 | 
					
						
							|  |  |  |                             fsGroupChangePolicy:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 | 
					
						
							|  |  |  |                                 before being exposed inside Pod. This field will only apply to
 | 
					
						
							|  |  |  |                                 volume types which support fsGroup based ownership(and permissions).
 | 
					
						
							|  |  |  |                                 It will have no effect on ephemeral volume types such as: secret, configmaps
 | 
					
						
							|  |  |  |                                 and emptydir.
 | 
					
						
							|  |  |  |                                 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: string
 | 
					
						
							|  |  |  |                             runAsGroup:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 The GID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                 Uses runtime default if unset.
 | 
					
						
							|  |  |  |                                 May also be set in SecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                 PodSecurityContext, the value specified in SecurityContext takes precedence
 | 
					
						
							|  |  |  |                                 for that container.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: integer
 | 
					
						
							|  |  |  |                               format: int64
 | 
					
						
							|  |  |  |                             runAsNonRoot:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Indicates that the container must run as a non-root user.
 | 
					
						
							|  |  |  |                                 If true, the Kubelet will validate the image at runtime to ensure that it
 | 
					
						
							|  |  |  |                                 does not run as UID 0 (root) and fail to start the container if it does.
 | 
					
						
							|  |  |  |                                 If unset or false, no such validation will be performed.
 | 
					
						
							|  |  |  |                                 May also be set in SecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                 PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: boolean
 | 
					
						
							|  |  |  |                             runAsUser:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 The UID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                 Defaults to user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                 May also be set in SecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                 PodSecurityContext, the value specified in SecurityContext takes precedence
 | 
					
						
							|  |  |  |                                 for that container.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: integer
 | 
					
						
							|  |  |  |                               format: int64
 | 
					
						
							|  |  |  |                             seLinuxOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 The SELinux context to be applied to all containers.
 | 
					
						
							|  |  |  |                                 If unspecified, the container runtime will allocate a random SELinux context for each
 | 
					
						
							|  |  |  |                                 container.  May also be set in SecurityContext.  If set in
 | 
					
						
							|  |  |  |                                 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 | 
					
						
							|  |  |  |                                 takes precedence for that container.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 level:
 | 
					
						
							|  |  |  |                                   description: Level is SELinux level label that applies to the container.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 role:
 | 
					
						
							|  |  |  |                                   description: Role is a SELinux role label that applies to the container.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 type:
 | 
					
						
							|  |  |  |                                   description: Type is a SELinux type label that applies to the container.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 user:
 | 
					
						
							|  |  |  |                                   description: User is a SELinux user label that applies to the container.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                             seccompProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 The seccomp options to use by the containers in this pod.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               required:
 | 
					
						
							|  |  |  |                                 - type
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 localhostProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     localhostProfile indicates a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                     The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                     Must be a descending path, relative to the kubelet's configured seccomp profile location.
 | 
					
						
							|  |  |  |                                     Must be set if type is "Localhost". Must NOT be set for any other type.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 type:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     type indicates which kind of seccomp profile will be applied.
 | 
					
						
							|  |  |  |                                     Valid options are:
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                     Localhost - a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                     RuntimeDefault - the container runtime default profile should be used.
 | 
					
						
							|  |  |  |                                     Unconfined - no profile should be applied.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                             supplementalGroups:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 A list of groups applied to the first process run in each container, in addition
 | 
					
						
							|  |  |  |                                 to the container's primary GID, the fsGroup (if specified), and group memberships
 | 
					
						
							|  |  |  |                                 defined in the container image for the uid of the container process. If unspecified,
 | 
					
						
							|  |  |  |                                 no additional groups are added to any container. Note that group memberships
 | 
					
						
							|  |  |  |                                 defined in the container image for the uid of the container process are still effective,
 | 
					
						
							|  |  |  |                                 even if they are not included in this list.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: array
 | 
					
						
							|  |  |  |                               items:
 | 
					
						
							|  |  |  |                                 type: integer
 | 
					
						
							|  |  |  |                                 format: int64
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             sysctls:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 | 
					
						
							|  |  |  |                                 sysctls (by the container runtime) might fail to launch.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: array
 | 
					
						
							|  |  |  |                               items:
 | 
					
						
							|  |  |  |                                 description: Sysctl defines a kernel parameter to be set
 | 
					
						
							|  |  |  |                                 type: object
 | 
					
						
							|  |  |  |                                 required:
 | 
					
						
							|  |  |  |                                   - name
 | 
					
						
							|  |  |  |                                   - value
 | 
					
						
							|  |  |  |                                 properties:
 | 
					
						
							|  |  |  |                                   name:
 | 
					
						
							|  |  |  |                                     description: Name of a property to set
 | 
					
						
							|  |  |  |                                     type: string
 | 
					
						
							|  |  |  |                                   value:
 | 
					
						
							|  |  |  |                                     description: Value of a property to set
 | 
					
						
							|  |  |  |                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             windowsOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 The Windows specific settings applied to all containers.
 | 
					
						
							|  |  |  |                                 If unspecified, the options within a container's SecurityContext will be used.
 | 
					
						
							|  |  |  |                                 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                 Note that this field cannot be set when spec.os.name is linux.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 gmsaCredentialSpec:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     GMSACredentialSpec is where the GMSA admission webhook
 | 
					
						
							|  |  |  |                                     (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
 | 
					
						
							|  |  |  |                                     GMSA credential spec named by the GMSACredentialSpecName field.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 gmsaCredentialSpecName:
 | 
					
						
							|  |  |  |                                   description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
 | 
					
						
							|  |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 hostProcess:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     HostProcess determines if a container should be run as a 'Host Process' container.
 | 
					
						
							|  |  |  |                                     All of a Pod's containers must have the same effective HostProcess value
 | 
					
						
							|  |  |  |                                     (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
 | 
					
						
							|  |  |  |                                     In addition, if HostProcess is true then HostNetwork must also be set to true.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 runAsUserName:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The UserName in Windows to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                     Defaults to the user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext. If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                         tailscaleContainer:
 | 
					
						
							|  |  |  |                           description: Configuration for the proxy container running tailscale.
 | 
					
						
							|  |  |  |                           type: object
 | 
					
						
							|  |  |  |                           properties:
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                             env:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 List of environment variables to set in the container.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
 | 
					
						
							|  |  |  |                                 Note that environment variables provided here will take precedence
 | 
					
						
							|  |  |  |                                 over Tailscale-specific environment variables set by the operator,
 | 
					
						
							|  |  |  |                                 however running proxies with custom values for Tailscale environment
 | 
					
						
							|  |  |  |                                 variables (i.e TS_USERSPACE) is not recommended and might break in
 | 
					
						
							|  |  |  |                                 the future.
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                               type: array
 | 
					
						
							|  |  |  |                               items:
 | 
					
						
							|  |  |  |                                 type: object
 | 
					
						
							|  |  |  |                                 required:
 | 
					
						
							|  |  |  |                                   - name
 | 
					
						
							|  |  |  |                                 properties:
 | 
					
						
							|  |  |  |                                   name:
 | 
					
						
							|  |  |  |                                     description: Name of the environment variable. Must be a C_IDENTIFIER.
 | 
					
						
							|  |  |  |                                     type: string
 | 
					
						
							|  |  |  |                                     pattern: ^[-._a-zA-Z][-._a-zA-Z0-9]*$
 | 
					
						
							|  |  |  |                                   value:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                     description: |-
 | 
					
						
							|  |  |  |                                       Variable references $(VAR_NAME) are expanded using the previously defined
 | 
					
						
							|  |  |  |                                        environment variables in the container and any service environment
 | 
					
						
							|  |  |  |                                       variables. If a variable cannot be resolved, the reference in the input
 | 
					
						
							|  |  |  |                                       string will be unchanged. Double $$ are reduced to a single $, which
 | 
					
						
							|  |  |  |                                       allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 | 
					
						
							|  |  |  |                                       produce the string literal "$(VAR_NAME)". Escaped references will never
 | 
					
						
							|  |  |  |                                       be expanded, regardless of whether the variable exists or not. Defaults
 | 
					
						
							|  |  |  |                                       to "".
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                             image:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container image name. By default images are pulled from
 | 
					
						
							|  |  |  |                                 docker.io/tailscale/tailscale, but the official images are also
 | 
					
						
							|  |  |  |                                 available at ghcr.io/tailscale/tailscale. Specifying image name here
 | 
					
						
							|  |  |  |                                 will override any proxy image values specified via the Kubernetes
 | 
					
						
							|  |  |  |                                 operator's Helm chart values or PROXY_IMAGE env var in the operator
 | 
					
						
							|  |  |  |                                 Deployment.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                               type: string
 | 
					
						
							|  |  |  |                             imagePullPolicy:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                               type: string
 | 
					
						
							|  |  |  |                               enum:
 | 
					
						
							|  |  |  |                                 - Always
 | 
					
						
							|  |  |  |                                 - Never
 | 
					
						
							|  |  |  |                                 - IfNotPresent
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             resources:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container resource requirements.
 | 
					
						
							|  |  |  |                                 By default Tailscale Kubernetes operator does not apply any resource
 | 
					
						
							|  |  |  |                                 requirements. The amount of resources required wil depend on the
 | 
					
						
							|  |  |  |                                 amount of resources the operator needs to parse, usage patterns and
 | 
					
						
							|  |  |  |                                 cluster size.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 claims:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Claims lists the names of resources, defined in spec.resourceClaims,
 | 
					
						
							|  |  |  |                                     that are used by this container.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                     This is an alpha field and requires enabling the
 | 
					
						
							|  |  |  |                                     DynamicResourceAllocation feature gate.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                     This field is immutable. It can only be set for containers.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							|  |  |  |                                     description: ResourceClaim references one entry in PodSpec.ResourceClaims.
 | 
					
						
							|  |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - name
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       name:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           Name must match the name of one entry in pod.spec.resourceClaims of
 | 
					
						
							|  |  |  |                                           the Pod where this field is used. It makes that resource available
 | 
					
						
							|  |  |  |                                           inside a container.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                         type: string
 | 
					
						
							|  |  |  |                                   x-kubernetes-list-map-keys:
 | 
					
						
							|  |  |  |                                     - name
 | 
					
						
							|  |  |  |                                   x-kubernetes-list-type: map
 | 
					
						
							|  |  |  |                                 limits:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Limits describes the maximum amount of compute resources allowed.
 | 
					
						
							|  |  |  |                                     More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   additionalProperties:
 | 
					
						
							|  |  |  |                                     pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 | 
					
						
							|  |  |  |                                     anyOf:
 | 
					
						
							|  |  |  |                                       - type: integer
 | 
					
						
							|  |  |  |                                       - type: string
 | 
					
						
							|  |  |  |                                     x-kubernetes-int-or-string: true
 | 
					
						
							|  |  |  |                                 requests:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Requests describes the minimum amount of compute resources required.
 | 
					
						
							|  |  |  |                                     If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
 | 
					
						
							|  |  |  |                                     otherwise to an implementation-defined value. Requests cannot exceed Limits.
 | 
					
						
							|  |  |  |                                     More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   additionalProperties:
 | 
					
						
							|  |  |  |                                     pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 | 
					
						
							|  |  |  |                                     anyOf:
 | 
					
						
							|  |  |  |                                       - type: integer
 | 
					
						
							|  |  |  |                                       - type: string
 | 
					
						
							|  |  |  |                                     x-kubernetes-int-or-string: true
 | 
					
						
							|  |  |  |                             securityContext:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container security context.
 | 
					
						
							|  |  |  |                                 Security context specified here will override the security context by the operator.
 | 
					
						
							|  |  |  |                                 By default the operator:
 | 
					
						
							|  |  |  |                                 - sets 'privileged: true' for the init container
 | 
					
						
							|  |  |  |                                 - set NET_ADMIN capability for tailscale container for proxies that
 | 
					
						
							|  |  |  |                                 are created for Services or Connector.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 allowPrivilegeEscalation:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     AllowPrivilegeEscalation controls whether a process can gain more
 | 
					
						
							|  |  |  |                                     privileges than its parent process. This bool directly controls if
 | 
					
						
							|  |  |  |                                     the no_new_privs flag will be set on the container process.
 | 
					
						
							|  |  |  |                                     AllowPrivilegeEscalation is true always when the container is:
 | 
					
						
							|  |  |  |                                     1) run as Privileged
 | 
					
						
							|  |  |  |                                     2) has CAP_SYS_ADMIN
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 appArmorProfile:
 | 
					
						
							|  |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     appArmorProfile is the AppArmor options to use by this container. If set, this profile
 | 
					
						
							|  |  |  |                                     overrides the pod's appArmorProfile.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							|  |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   required:
 | 
					
						
							|  |  |  |                                     - type
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     localhostProfile:
 | 
					
						
							|  |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         localhostProfile indicates a profile loaded on the node that should be used.
 | 
					
						
							|  |  |  |                                         The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                         Must match the loaded name of the profile.
 | 
					
						
							|  |  |  |                                         Must be set if and only if type is "Localhost".
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							|  |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         type indicates which kind of AppArmor profile will be applied.
 | 
					
						
							|  |  |  |                                         Valid options are:
 | 
					
						
							|  |  |  |                                           Localhost - a profile pre-loaded on the node.
 | 
					
						
							|  |  |  |                                           RuntimeDefault - the container runtime's default profile.
 | 
					
						
							|  |  |  |                                           Unconfined - no AppArmor enforcement.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 capabilities:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The capabilities to add/drop when running containers.
 | 
					
						
							|  |  |  |                                     Defaults to the default set of capabilities granted by the container runtime.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     add:
 | 
					
						
							|  |  |  |                                       description: Added capabilities
 | 
					
						
							|  |  |  |                                       type: array
 | 
					
						
							|  |  |  |                                       items:
 | 
					
						
							|  |  |  |                                         description: Capability represent POSIX capabilities type
 | 
					
						
							|  |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                     drop:
 | 
					
						
							|  |  |  |                                       description: Removed capabilities
 | 
					
						
							|  |  |  |                                       type: array
 | 
					
						
							|  |  |  |                                       items:
 | 
					
						
							|  |  |  |                                         description: Capability represent POSIX capabilities type
 | 
					
						
							|  |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 privileged:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Run container in privileged mode.
 | 
					
						
							|  |  |  |                                     Processes in privileged containers are essentially equivalent to root on the host.
 | 
					
						
							|  |  |  |                                     Defaults to false.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 procMount:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     procMount denotes the type of proc mount to use for the containers.
 | 
					
						
							|  |  |  |                                     The default is DefaultProcMount which uses the container runtime defaults for
 | 
					
						
							|  |  |  |                                     readonly paths and masked paths.
 | 
					
						
							|  |  |  |                                     This requires the ProcMountType feature flag to be enabled.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 readOnlyRootFilesystem:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Whether this container has a read-only root filesystem.
 | 
					
						
							|  |  |  |                                     Default is false.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 runAsGroup:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The GID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                     Uses runtime default if unset.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: integer
 | 
					
						
							|  |  |  |                                   format: int64
 | 
					
						
							|  |  |  |                                 runAsNonRoot:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Indicates that the container must run as a non-root user.
 | 
					
						
							|  |  |  |                                     If true, the Kubelet will validate the image at runtime to ensure that it
 | 
					
						
							|  |  |  |                                     does not run as UID 0 (root) and fail to start the container if it does.
 | 
					
						
							|  |  |  |                                     If unset or false, no such validation will be performed.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 runAsUser:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The UID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                     Defaults to user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: integer
 | 
					
						
							|  |  |  |                                   format: int64
 | 
					
						
							|  |  |  |                                 seLinuxOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The SELinux context to be applied to the container.
 | 
					
						
							|  |  |  |                                     If unspecified, the container runtime will allocate a random SELinux context for each
 | 
					
						
							|  |  |  |                                     container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     level:
 | 
					
						
							|  |  |  |                                       description: Level is SELinux level label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     role:
 | 
					
						
							|  |  |  |                                       description: Role is a SELinux role label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							|  |  |  |                                       description: Type is a SELinux type label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     user:
 | 
					
						
							|  |  |  |                                       description: User is a SELinux user label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                 seccompProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The seccomp options to use by this container. If seccomp options are
 | 
					
						
							|  |  |  |                                     provided at both the pod & container level, the container options
 | 
					
						
							|  |  |  |                                     override the pod options.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   required:
 | 
					
						
							|  |  |  |                                     - type
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     localhostProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         localhostProfile indicates a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                         The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                         Must be a descending path, relative to the kubelet's configured seccomp profile location.
 | 
					
						
							|  |  |  |                                         Must be set if type is "Localhost". Must NOT be set for any other type.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         type indicates which kind of seccomp profile will be applied.
 | 
					
						
							|  |  |  |                                         Valid options are:
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                         Localhost - a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                         RuntimeDefault - the container runtime default profile should be used.
 | 
					
						
							|  |  |  |                                         Unconfined - no profile should be applied.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                 windowsOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The Windows specific settings applied to all containers.
 | 
					
						
							|  |  |  |                                     If unspecified, the options from the PodSecurityContext will be used.
 | 
					
						
							|  |  |  |                                     If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is linux.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     gmsaCredentialSpec:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         GMSACredentialSpec is where the GMSA admission webhook
 | 
					
						
							|  |  |  |                                         (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
 | 
					
						
							|  |  |  |                                         GMSA credential spec named by the GMSACredentialSpecName field.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     gmsaCredentialSpecName:
 | 
					
						
							|  |  |  |                                       description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     hostProcess:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         HostProcess determines if a container should be run as a 'Host Process' container.
 | 
					
						
							|  |  |  |                                         All of a Pod's containers must have the same effective HostProcess value
 | 
					
						
							|  |  |  |                                         (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
 | 
					
						
							|  |  |  |                                         In addition, if HostProcess is true then HostNetwork must also be set to true.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: boolean
 | 
					
						
							|  |  |  |                                     runAsUserName:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         The UserName in Windows to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                         Defaults to the user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                         May also be set in PodSecurityContext. If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                         PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                         tailscaleInitContainer:
 | 
					
						
							|  |  |  |                           description: Configuration for the proxy init container that enables forwarding.
 | 
					
						
							|  |  |  |                           type: object
 | 
					
						
							|  |  |  |                           properties:
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                             env:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 List of environment variables to set in the container.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
 | 
					
						
							|  |  |  |                                 Note that environment variables provided here will take precedence
 | 
					
						
							|  |  |  |                                 over Tailscale-specific environment variables set by the operator,
 | 
					
						
							|  |  |  |                                 however running proxies with custom values for Tailscale environment
 | 
					
						
							|  |  |  |                                 variables (i.e TS_USERSPACE) is not recommended and might break in
 | 
					
						
							|  |  |  |                                 the future.
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                               type: array
 | 
					
						
							|  |  |  |                               items:
 | 
					
						
							|  |  |  |                                 type: object
 | 
					
						
							|  |  |  |                                 required:
 | 
					
						
							|  |  |  |                                   - name
 | 
					
						
							|  |  |  |                                 properties:
 | 
					
						
							|  |  |  |                                   name:
 | 
					
						
							|  |  |  |                                     description: Name of the environment variable. Must be a C_IDENTIFIER.
 | 
					
						
							|  |  |  |                                     type: string
 | 
					
						
							|  |  |  |                                     pattern: ^[-._a-zA-Z][-._a-zA-Z0-9]*$
 | 
					
						
							|  |  |  |                                   value:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                     description: |-
 | 
					
						
							|  |  |  |                                       Variable references $(VAR_NAME) are expanded using the previously defined
 | 
					
						
							|  |  |  |                                        environment variables in the container and any service environment
 | 
					
						
							|  |  |  |                                       variables. If a variable cannot be resolved, the reference in the input
 | 
					
						
							|  |  |  |                                       string will be unchanged. Double $$ are reduced to a single $, which
 | 
					
						
							|  |  |  |                                       allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 | 
					
						
							|  |  |  |                                       produce the string literal "$(VAR_NAME)". Escaped references will never
 | 
					
						
							|  |  |  |                                       be expanded, regardless of whether the variable exists or not. Defaults
 | 
					
						
							|  |  |  |                                       to "".
 | 
					
						
							| 
									
										
										
										
											2024-04-15 17:24:59 +01:00
										 |  |  |                                     type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                             image:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container image name. By default images are pulled from
 | 
					
						
							|  |  |  |                                 docker.io/tailscale/tailscale, but the official images are also
 | 
					
						
							|  |  |  |                                 available at ghcr.io/tailscale/tailscale. Specifying image name here
 | 
					
						
							|  |  |  |                                 will override any proxy image values specified via the Kubernetes
 | 
					
						
							|  |  |  |                                 operator's Helm chart values or PROXY_IMAGE env var in the operator
 | 
					
						
							|  |  |  |                                 Deployment.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                               type: string
 | 
					
						
							|  |  |  |                             imagePullPolicy:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#image
 | 
					
						
							| 
									
										
										
										
											2024-06-07 16:18:44 +01:00
										 |  |  |                               type: string
 | 
					
						
							|  |  |  |                               enum:
 | 
					
						
							|  |  |  |                                 - Always
 | 
					
						
							|  |  |  |                                 - Never
 | 
					
						
							|  |  |  |                                 - IfNotPresent
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             resources:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container resource requirements.
 | 
					
						
							|  |  |  |                                 By default Tailscale Kubernetes operator does not apply any resource
 | 
					
						
							|  |  |  |                                 requirements. The amount of resources required wil depend on the
 | 
					
						
							|  |  |  |                                 amount of resources the operator needs to parse, usage patterns and
 | 
					
						
							|  |  |  |                                 cluster size.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 claims:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Claims lists the names of resources, defined in spec.resourceClaims,
 | 
					
						
							|  |  |  |                                     that are used by this container.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                     This is an alpha field and requires enabling the
 | 
					
						
							|  |  |  |                                     DynamicResourceAllocation feature gate.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                     This field is immutable. It can only be set for containers.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: array
 | 
					
						
							|  |  |  |                                   items:
 | 
					
						
							|  |  |  |                                     description: ResourceClaim references one entry in PodSpec.ResourceClaims.
 | 
					
						
							|  |  |  |                                     type: object
 | 
					
						
							|  |  |  |                                     required:
 | 
					
						
							|  |  |  |                                       - name
 | 
					
						
							|  |  |  |                                     properties:
 | 
					
						
							|  |  |  |                                       name:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                         description: |-
 | 
					
						
							|  |  |  |                                           Name must match the name of one entry in pod.spec.resourceClaims of
 | 
					
						
							|  |  |  |                                           the Pod where this field is used. It makes that resource available
 | 
					
						
							|  |  |  |                                           inside a container.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                         type: string
 | 
					
						
							|  |  |  |                                   x-kubernetes-list-map-keys:
 | 
					
						
							|  |  |  |                                     - name
 | 
					
						
							|  |  |  |                                   x-kubernetes-list-type: map
 | 
					
						
							|  |  |  |                                 limits:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Limits describes the maximum amount of compute resources allowed.
 | 
					
						
							|  |  |  |                                     More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   additionalProperties:
 | 
					
						
							|  |  |  |                                     pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 | 
					
						
							|  |  |  |                                     anyOf:
 | 
					
						
							|  |  |  |                                       - type: integer
 | 
					
						
							|  |  |  |                                       - type: string
 | 
					
						
							|  |  |  |                                     x-kubernetes-int-or-string: true
 | 
					
						
							|  |  |  |                                 requests:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Requests describes the minimum amount of compute resources required.
 | 
					
						
							|  |  |  |                                     If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
 | 
					
						
							|  |  |  |                                     otherwise to an implementation-defined value. Requests cannot exceed Limits.
 | 
					
						
							|  |  |  |                                     More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   additionalProperties:
 | 
					
						
							|  |  |  |                                     pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 | 
					
						
							|  |  |  |                                     anyOf:
 | 
					
						
							|  |  |  |                                       - type: integer
 | 
					
						
							|  |  |  |                                       - type: string
 | 
					
						
							|  |  |  |                                     x-kubernetes-int-or-string: true
 | 
					
						
							|  |  |  |                             securityContext:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                               description: |-
 | 
					
						
							|  |  |  |                                 Container security context.
 | 
					
						
							|  |  |  |                                 Security context specified here will override the security context by the operator.
 | 
					
						
							|  |  |  |                                 By default the operator:
 | 
					
						
							|  |  |  |                                 - sets 'privileged: true' for the init container
 | 
					
						
							|  |  |  |                                 - set NET_ADMIN capability for tailscale container for proxies that
 | 
					
						
							|  |  |  |                                 are created for Services or Connector.
 | 
					
						
							|  |  |  |                                 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                               type: object
 | 
					
						
							|  |  |  |                               properties:
 | 
					
						
							|  |  |  |                                 allowPrivilegeEscalation:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     AllowPrivilegeEscalation controls whether a process can gain more
 | 
					
						
							|  |  |  |                                     privileges than its parent process. This bool directly controls if
 | 
					
						
							|  |  |  |                                     the no_new_privs flag will be set on the container process.
 | 
					
						
							|  |  |  |                                     AllowPrivilegeEscalation is true always when the container is:
 | 
					
						
							|  |  |  |                                     1) run as Privileged
 | 
					
						
							|  |  |  |                                     2) has CAP_SYS_ADMIN
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 appArmorProfile:
 | 
					
						
							|  |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     appArmorProfile is the AppArmor options to use by this container. If set, this profile
 | 
					
						
							|  |  |  |                                     overrides the pod's appArmorProfile.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							|  |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   required:
 | 
					
						
							|  |  |  |                                     - type
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     localhostProfile:
 | 
					
						
							|  |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         localhostProfile indicates a profile loaded on the node that should be used.
 | 
					
						
							|  |  |  |                                         The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                         Must match the loaded name of the profile.
 | 
					
						
							|  |  |  |                                         Must be set if and only if type is "Localhost".
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							|  |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         type indicates which kind of AppArmor profile will be applied.
 | 
					
						
							|  |  |  |                                         Valid options are:
 | 
					
						
							|  |  |  |                                           Localhost - a profile pre-loaded on the node.
 | 
					
						
							|  |  |  |                                           RuntimeDefault - the container runtime's default profile.
 | 
					
						
							|  |  |  |                                           Unconfined - no AppArmor enforcement.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 capabilities:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The capabilities to add/drop when running containers.
 | 
					
						
							|  |  |  |                                     Defaults to the default set of capabilities granted by the container runtime.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     add:
 | 
					
						
							|  |  |  |                                       description: Added capabilities
 | 
					
						
							|  |  |  |                                       type: array
 | 
					
						
							|  |  |  |                                       items:
 | 
					
						
							|  |  |  |                                         description: Capability represent POSIX capabilities type
 | 
					
						
							|  |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                     drop:
 | 
					
						
							|  |  |  |                                       description: Removed capabilities
 | 
					
						
							|  |  |  |                                       type: array
 | 
					
						
							|  |  |  |                                       items:
 | 
					
						
							|  |  |  |                                         description: Capability represent POSIX capabilities type
 | 
					
						
							|  |  |  |                                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       x-kubernetes-list-type: atomic
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 privileged:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Run container in privileged mode.
 | 
					
						
							|  |  |  |                                     Processes in privileged containers are essentially equivalent to root on the host.
 | 
					
						
							|  |  |  |                                     Defaults to false.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 procMount:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     procMount denotes the type of proc mount to use for the containers.
 | 
					
						
							|  |  |  |                                     The default is DefaultProcMount which uses the container runtime defaults for
 | 
					
						
							|  |  |  |                                     readonly paths and masked paths.
 | 
					
						
							|  |  |  |                                     This requires the ProcMountType feature flag to be enabled.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: string
 | 
					
						
							|  |  |  |                                 readOnlyRootFilesystem:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Whether this container has a read-only root filesystem.
 | 
					
						
							|  |  |  |                                     Default is false.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 runAsGroup:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The GID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                     Uses runtime default if unset.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: integer
 | 
					
						
							|  |  |  |                                   format: int64
 | 
					
						
							|  |  |  |                                 runAsNonRoot:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     Indicates that the container must run as a non-root user.
 | 
					
						
							|  |  |  |                                     If true, the Kubelet will validate the image at runtime to ensure that it
 | 
					
						
							|  |  |  |                                     does not run as UID 0 (root) and fail to start the container if it does.
 | 
					
						
							|  |  |  |                                     If unset or false, no such validation will be performed.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: boolean
 | 
					
						
							|  |  |  |                                 runAsUser:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The UID to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                     Defaults to user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                     May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: integer
 | 
					
						
							|  |  |  |                                   format: int64
 | 
					
						
							|  |  |  |                                 seLinuxOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The SELinux context to be applied to the container.
 | 
					
						
							|  |  |  |                                     If unspecified, the container runtime will allocate a random SELinux context for each
 | 
					
						
							|  |  |  |                                     container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                     PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     level:
 | 
					
						
							|  |  |  |                                       description: Level is SELinux level label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     role:
 | 
					
						
							|  |  |  |                                       description: Role is a SELinux role label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							|  |  |  |                                       description: Type is a SELinux type label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     user:
 | 
					
						
							|  |  |  |                                       description: User is a SELinux user label that applies to the container.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                 seccompProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The seccomp options to use by this container. If seccomp options are
 | 
					
						
							|  |  |  |                                     provided at both the pod & container level, the container options
 | 
					
						
							|  |  |  |                                     override the pod options.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is windows.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   required:
 | 
					
						
							|  |  |  |                                     - type
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     localhostProfile:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         localhostProfile indicates a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                         The profile must be preconfigured on the node to work.
 | 
					
						
							|  |  |  |                                         Must be a descending path, relative to the kubelet's configured seccomp profile location.
 | 
					
						
							|  |  |  |                                         Must be set if type is "Localhost". Must NOT be set for any other type.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     type:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         type indicates which kind of seccomp profile will be applied.
 | 
					
						
							|  |  |  |                                         Valid options are:
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                                         Localhost - a profile defined in a file on the node should be used.
 | 
					
						
							|  |  |  |                                         RuntimeDefault - the container runtime default profile should be used.
 | 
					
						
							|  |  |  |                                         Unconfined - no profile should be applied.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                 windowsOptions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                   description: |-
 | 
					
						
							|  |  |  |                                     The Windows specific settings applied to all containers.
 | 
					
						
							|  |  |  |                                     If unspecified, the options from the PodSecurityContext will be used.
 | 
					
						
							|  |  |  |                                     If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							|  |  |  |                                     Note that this field cannot be set when spec.os.name is linux.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                   type: object
 | 
					
						
							|  |  |  |                                   properties:
 | 
					
						
							|  |  |  |                                     gmsaCredentialSpec:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         GMSACredentialSpec is where the GMSA admission webhook
 | 
					
						
							|  |  |  |                                         (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
 | 
					
						
							|  |  |  |                                         GMSA credential spec named by the GMSACredentialSpecName field.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     gmsaCredentialSpecName:
 | 
					
						
							|  |  |  |                                       description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
 | 
					
						
							|  |  |  |                                       type: string
 | 
					
						
							|  |  |  |                                     hostProcess:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         HostProcess determines if a container should be run as a 'Host Process' container.
 | 
					
						
							|  |  |  |                                         All of a Pod's containers must have the same effective HostProcess value
 | 
					
						
							|  |  |  |                                         (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
 | 
					
						
							|  |  |  |                                         In addition, if HostProcess is true then HostNetwork must also be set to true.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: boolean
 | 
					
						
							|  |  |  |                                     runAsUserName:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                       description: |-
 | 
					
						
							|  |  |  |                                         The UserName in Windows to run the entrypoint of the container process.
 | 
					
						
							|  |  |  |                                         Defaults to the user specified in image metadata if unspecified.
 | 
					
						
							|  |  |  |                                         May also be set in PodSecurityContext. If set in both SecurityContext and
 | 
					
						
							|  |  |  |                                         PodSecurityContext, the value specified in SecurityContext takes precedence.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                       type: string
 | 
					
						
							|  |  |  |                         tolerations:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                           description: |-
 | 
					
						
							|  |  |  |                             Proxy Pod's tolerations.
 | 
					
						
							|  |  |  |                             By default Tailscale Kubernetes operator does not apply any
 | 
					
						
							|  |  |  |                             tolerations.
 | 
					
						
							|  |  |  |                             https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                           type: array
 | 
					
						
							|  |  |  |                           items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                             description: |-
 | 
					
						
							|  |  |  |                               The pod this Toleration is attached to tolerates any taint that matches
 | 
					
						
							|  |  |  |                               the triple <key,value,effect> using the matching operator <operator>.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                             type: object
 | 
					
						
							|  |  |  |                             properties:
 | 
					
						
							|  |  |  |                               effect:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   Effect indicates the taint effect to match. Empty means match all taint effects.
 | 
					
						
							|  |  |  |                                   When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: string
 | 
					
						
							|  |  |  |                               key:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   Key is the taint key that the toleration applies to. Empty means match all taint keys.
 | 
					
						
							|  |  |  |                                   If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: string
 | 
					
						
							|  |  |  |                               operator:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   Operator represents a key's relationship to the value.
 | 
					
						
							|  |  |  |                                   Valid operators are Exists and Equal. Defaults to Equal.
 | 
					
						
							|  |  |  |                                   Exists is equivalent to wildcard for value, so that a pod can
 | 
					
						
							|  |  |  |                                   tolerate all taints of a particular category.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: string
 | 
					
						
							|  |  |  |                               tolerationSeconds:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   TolerationSeconds represents the period of time the toleration (which must be
 | 
					
						
							|  |  |  |                                   of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
 | 
					
						
							|  |  |  |                                   it is not set, which means tolerate the taint forever (do not evict). Zero and
 | 
					
						
							|  |  |  |                                   negative values will be treated as 0 (evict immediately) by the system.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: integer
 | 
					
						
							|  |  |  |                                 format: int64
 | 
					
						
							|  |  |  |                               value:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                                 description: |-
 | 
					
						
							|  |  |  |                                   Value is the taint value the toleration matches to.
 | 
					
						
							|  |  |  |                                   If the operator is Exists, the value should be empty, otherwise just a regular string.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                                 type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-07 19:56:42 +01:00
										 |  |  |                 tailscale:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                   description: |-
 | 
					
						
							|  |  |  |                     TailscaleConfig contains options to configure the tailscale-specific
 | 
					
						
							|  |  |  |                     parameters of proxies.
 | 
					
						
							| 
									
										
										
										
											2024-06-07 19:56:42 +01:00
										 |  |  |                   type: object
 | 
					
						
							|  |  |  |                   properties:
 | 
					
						
							|  |  |  |                     acceptRoutes:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                       description: |-
 | 
					
						
							|  |  |  |                         AcceptRoutes can be set to true to make the proxy instance accept
 | 
					
						
							|  |  |  |                         routes advertized by other nodes on the tailnet, such as subnet
 | 
					
						
							|  |  |  |                         routes.
 | 
					
						
							|  |  |  |                         This is equivalent of passing --accept-routes flag to a tailscale Linux client.
 | 
					
						
							|  |  |  |                         https://tailscale.com/kb/1019/subnets#use-your-subnet-routes-from-other-machines
 | 
					
						
							|  |  |  |                         Defaults to false.
 | 
					
						
							| 
									
										
										
										
											2024-06-07 19:56:42 +01:00
										 |  |  |                       type: boolean
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |             status:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |               description: |-
 | 
					
						
							|  |  |  |                 Status of the ProxyClass. This is set and managed automatically.
 | 
					
						
							|  |  |  |                 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |               type: object
 | 
					
						
							|  |  |  |               properties:
 | 
					
						
							|  |  |  |                 conditions:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                   description: |-
 | 
					
						
							|  |  |  |                     List of status conditions to indicate the status of the ProxyClass.
 | 
					
						
							|  |  |  |                     Known condition types are `ProxyClassReady`.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                   type: array
 | 
					
						
							|  |  |  |                   items:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                     description: Condition contains details for one aspect of the current state of this API Resource.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                     type: object
 | 
					
						
							|  |  |  |                     required:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                       - lastTransitionTime
 | 
					
						
							|  |  |  |                       - message
 | 
					
						
							|  |  |  |                       - reason
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       - status
 | 
					
						
							|  |  |  |                       - type
 | 
					
						
							|  |  |  |                     properties:
 | 
					
						
							|  |  |  |                       lastTransitionTime:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: |-
 | 
					
						
							|  |  |  |                           lastTransitionTime is the last time the condition transitioned from one status to another.
 | 
					
						
							|  |  |  |                           This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: string
 | 
					
						
							|  |  |  |                         format: date-time
 | 
					
						
							|  |  |  |                       message:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: |-
 | 
					
						
							|  |  |  |                           message is a human readable message indicating details about the transition.
 | 
					
						
							|  |  |  |                           This may be an empty string.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         maxLength: 32768
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       observedGeneration:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: |-
 | 
					
						
							|  |  |  |                           observedGeneration represents the .metadata.generation that the condition was set based upon.
 | 
					
						
							|  |  |  |                           For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
 | 
					
						
							|  |  |  |                           with respect to the current state of the instance.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: integer
 | 
					
						
							|  |  |  |                         format: int64
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         minimum: 0
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       reason:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: |-
 | 
					
						
							|  |  |  |                           reason contains a programmatic identifier indicating the reason for the condition's last transition.
 | 
					
						
							|  |  |  |                           Producers of specific condition types may define expected values and meanings for this field,
 | 
					
						
							|  |  |  |                           and whether the values are considered a guaranteed API.
 | 
					
						
							|  |  |  |                           The value should be a CamelCase string.
 | 
					
						
							|  |  |  |                           This field may not be empty.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         maxLength: 1024
 | 
					
						
							|  |  |  |                         minLength: 1
 | 
					
						
							|  |  |  |                         pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       status:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: status of the condition, one of True, False, Unknown.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         enum:
 | 
					
						
							|  |  |  |                           - "True"
 | 
					
						
							|  |  |  |                           - "False"
 | 
					
						
							|  |  |  |                           - Unknown
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                       type:
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         description: type of condition in CamelCase or in foo.example.com/CamelCase.
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                         type: string
 | 
					
						
							| 
									
										
										
										
											2024-06-18 19:01:40 +01:00
										 |  |  |                         maxLength: 316
 | 
					
						
							|  |  |  |                         pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
 | 
					
						
							| 
									
										
										
										
											2024-02-13 05:27:54 +00:00
										 |  |  |                   x-kubernetes-list-map-keys:
 | 
					
						
							|  |  |  |                     - type
 | 
					
						
							|  |  |  |                   x-kubernetes-list-type: map
 | 
					
						
							|  |  |  |       served: true
 | 
					
						
							|  |  |  |       storage: true
 | 
					
						
							|  |  |  |       subresources:
 | 
					
						
							|  |  |  |         status: {}
 |