Skip to main content
logoTetrate Service ExpressVersion: Latest

API Reference

Packages:

tsb.tetrate.io/v2

Resource Types:

Cluster

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringClustertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

A Kubernetes cluster managing both pods and VMs.

false
statusobject
false

Cluster.spec

↩ Parent

A Kubernetes cluster managing both pods and VMs.

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
installTemplateobject
false
labelsmap[string]string
false
localityobject

Deprecated.

false
namespaceScopeobject

Configure the default scoping of namespaces in this cluster.

false
namespaces[]object
false
networkstring

The network (e.g., VPC) where this cluster is present.

false
serviceAccountobject

The service account created with permissions to manage the current cluster.

false
stateobject
false
tier1Clusterboolean

Indicates whether this cluster is hosting a tier1 gateway or not.

false
tokenTtlstring

Lifetime of the tokens.

false
trustDomainstring

Trust domain for this cluster, used for multi-cluster routing.

false

Cluster.spec.installTemplate

↩ Parent

NameTypeDescriptionRequired
helmobject

valid values.yaml to be used with controlplane helm chart.

false
messagestring
false

Cluster.spec.installTemplate.helm

↩ Parent

valid values.yaml to be used with controlplane helm chart.

NameTypeDescriptionRequired
imageobject

Values for the TSB operator image.

false
operatorobject

Values for the TSB operator application.

false
secretsobject

Values for the Control Plane secrets.

false
specobject

Values for the Control Plane CR spec.

false

Cluster.spec.installTemplate.helm.image

↩ Parent

Values for the TSB operator image.

NameTypeDescriptionRequired
registrystring

Registry used to download the operator image.

false
tagstring

The tag of the operator image.

false

Cluster.spec.installTemplate.helm.operator

↩ Parent

Values for the TSB operator application.

NameTypeDescriptionRequired
deploymentobject

Values for the TSB operator deployment.

false
serviceobject

Values for the TSB operator service.

false
serviceAccountobject

Values for the TSB operator service account.

false

Cluster.spec.installTemplate.helm.operator.deployment

↩ Parent

Values for the TSB operator deployment.

NameTypeDescriptionRequired
affinityobject

Affinity configuration for the pod.

false
annotationsmap[string]string

Custom collection of annotations to add to the deployment.

false
env[]object

Custom collection of environment vars to add to the container.

false
podAnnotationsmap[string]string

Custom collection of annotations to add to the pod.

false
replicaCountinteger

Number of replicas managed by the deployment.


Format: int32

false
strategyobject

Deployment strategy to use.

false
tolerations[]object

Toleration collection applying to the pod scheduling.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity

↩ Parent

Affinity configuration for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.operator.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.operator.deployment.strategy

↩ Parent

Deployment strategy to use.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.operator.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.operator.service

↩ Parent

Values for the TSB operator service.

NameTypeDescriptionRequired
annotationsmap[string]string

Custom collection of annotations to add to the service.

false

Cluster.spec.installTemplate.helm.operator.serviceAccount

↩ Parent

Values for the TSB operator service account.

NameTypeDescriptionRequired
annotationsmap[string]string

Custom collection of annotations to add to the service account.

false
imagePullSecrets[]string

Collection of secrets names required to be able to pull images from the registry.

false
pullPasswordstring
false
pullSecretstring

A Docker config JSON to be stored in a secret to be used as an image pull secret.

false
pullUsernamestring
false

Cluster.spec.installTemplate.helm.secrets

↩ Parent

Values for the Control Plane secrets.

NameTypeDescriptionRequired
clusterServiceAccountobject

Cluster service account used to authenticate to the Management Plane.

false
elasticsearchobject

Secrets to reach the Elasticsearch.

false
tsbobject

Secrets to reach the TSB Management Plane.

false
xcpobject

Secrets to reach the XCP Central in the Management Plane.

false

Cluster.spec.installTemplate.helm.secrets.clusterServiceAccount

↩ Parent

Cluster service account used to authenticate to the Management Plane.

NameTypeDescriptionRequired
JWKstring

Literal JWK used to generate and sign the tokens for all the Control Plane agents.

false
clusterFQNstring

TSB FQN of the onboarded cluster resource.

false
encodedJWKstring

Base64-encoded JWK used to generate and sign the tokens for all the Control Plane agents.

false

Cluster.spec.installTemplate.helm.secrets.elasticsearch

↩ Parent

Secrets to reach the Elasticsearch.

NameTypeDescriptionRequired
cacertstring

Elasticsearch CA cert TLS used by control plane to verify TLS connection.

false
passwordstring

The password to access Elasticsearch.

false
usernamestring

The username to access Elasticsearch.

false

Cluster.spec.installTemplate.helm.secrets.tsb

↩ Parent

Secrets to reach the TSB Management Plane.

NameTypeDescriptionRequired
cacertstring

CA certificate used to verify TLS certs exposed the Management Plane (front envoy).

false

Cluster.spec.installTemplate.helm.secrets.xcp

↩ Parent

Secrets to reach the XCP Central in the Management Plane.

NameTypeDescriptionRequired
autoGenerateCertsboolean

Enabling this will auto generate XCP Edge certificate if mTLS is enabled to authenticate to XCP Central.

false
edgeobject

Secrets for the XCP Edge component.

false
rootcastring

CA certificate of XCP components.

false
rootcakeystring

Key of the CA certificate of XCP components.

false

Cluster.spec.installTemplate.helm.secrets.xcp.edge

↩ Parent

Secrets for the XCP Edge component.

NameTypeDescriptionRequired
certstring

Edge certificate used for mTLS with XCP Central.

false
keystring

Key of the Edge certificate used for mTLS with XCP Central.

false
tokenstring

JWT token used to authenticate XCP Edge against the XCP Central.

false

Cluster.spec.installTemplate.helm.spec

↩ Parent

Values for the Control Plane CR spec.

NameTypeDescriptionRequired
componentsobject

The set of components that make up the control plane.

false
hubstring

TSB container hub path e.g.

false
imagePullSecrets[]object
false
managementPlaneobject

Configure the management plane to retrieve configuration from.

false
meshExpansionobject

Configure mesh expansion to connect workloads external to Kubernetes to the mesh.

false
meshObservabilityobject
false
providerSettingsobject

Configures Kubernetes provider specific settings.

false
telemetryStoreobject

Configure the store that TSB will use to persist application telemetry data.

false
tier1Clusterboolean
false

Cluster.spec.installTemplate.helm.spec.components

↩ Parent

The set of components that make up the control plane.

NameTypeDescriptionRequired
collectorobject
false
defaultKubeSpecobject

Configure Kubernetes default settings for all components.

false
defaultLogLevelstring

The default log level for all components if the per component log level config is not specified.

false
gitopsobject

Configuration for the integration of the Control Plane with Continuous Deployment pipelines.

false
hpaAdapterobject
false
internalCertProviderobject

Configure the Kubernetes CSR certificate provider for TSB internal purposes like Webhook TLS certificates.

false
istioobject
false
ngacobject
false
oapobject
false
onboardingobject

Workload Onboarding.

false
rateLimitServerobject
false
route53Controllerobject
false
satelliteobject

Satellite provide load balancing capabilities for data content before the data from Envoy reaches the SPM in Control Plane.

false
wasmfetcherobject

Configuration for the WASM Fetcher component.

false
xcpobject
false

Cluster.spec.installTemplate.helm.spec.components.collector

↩ Parent

NameTypeDescriptionRequired
kubeSpecobject
false
logLevelstring

Specifies the log level for OTEL collector component.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec

↩ Parent

Configure Kubernetes default settings for all components.

NameTypeDescriptionRequired
accountobject
false
deploymentobject
false
jobobject
false
serviceobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.account

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.account.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false

Cluster.spec.installTemplate.helm.spec.components.gitops

↩ Parent

Configuration for the integration of the Control Plane with Continuous Deployment pipelines.

NameTypeDescriptionRequired
batchWindowstring

When configured, all admission requests will be paused for the configured duration.

false
enabledboolean

The GitOps component is in beta and disabled by default.

false
managementplaneRequestTimeoutstring

The GitOps component performs operations against the management plane through the k8s webhook.

false
reconcileIntervalstring

Interval at which the reconcile process will run.

false
reconcileRequestTimeoutstring

The GitOps component performs operations against the management plane internal reconcile loop.

false
webhookTimeoutstring

Timeout that will be set in the k8s gitops webhook resource.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter

↩ Parent

NameTypeDescriptionRequired
kubeSpecobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider

↩ Parent

Configure the Kubernetes CSR certificate provider for TSB internal purposes like Webhook TLS certificates.

NameTypeDescriptionRequired
certManagerobject
false
customobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager

↩ Parent

NameTypeDescriptionRequired
certManagerCaInjectorobject

Configure kubernetes specific settings for cert-manager-cainjector.

false
certManagerSpecobject

Configure kubernetes specific settings for cert-manager.

false
certManagerStartupapicheckobject

Configure kubernetes specific settings for cert-manager-startupapicheck.

false
certManagerWebhookSpecobject

Configure kubernetes specific settings for cert-manager-webhook.

false
managedenum

Managed specifies whether TSB should manage the lifecycle of cert-manager.


Enum: AUTO, EXTERNAL, INTERNAL

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector

↩ Parent

Configure kubernetes specific settings for cert-manager-cainjector.

NameTypeDescriptionRequired
kubeSpecobject

Configure kubernetes specific settings for cert-manager-cainjector.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec

↩ Parent

Configure kubernetes specific settings for cert-manager-cainjector.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec

↩ Parent

Configure kubernetes specific settings for cert-manager.

NameTypeDescriptionRequired
kubeSpecobject

Configure kubernetes specific settings for cert-manager.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec

↩ Parent

Configure kubernetes specific settings for cert-manager.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck

↩ Parent

Configure kubernetes specific settings for cert-manager-startupapicheck.

NameTypeDescriptionRequired
kubeSpecobject

Configure kubernetes specific settings for cert-manager-startupapicheck.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec

↩ Parent

Configure kubernetes specific settings for cert-manager-startupapicheck.

NameTypeDescriptionRequired
deploymentobject
false
jobobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the job.

false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec

↩ Parent

Configure kubernetes specific settings for cert-manager-webhook.

NameTypeDescriptionRequired
kubeSpecobject

Configure kubernetes specific settings for cert-manager-webhook.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec

↩ Parent

Configure kubernetes specific settings for cert-manager-webhook.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.custom

↩ Parent

NameTypeDescriptionRequired
caBundleSecretNamestring

Configure the CABundleSecretName to be used to verify the signed CSR request by different TSB components.

false
csrSignerNamestring

Name of Kubernetes CSR signer to be used to sign the CSR request by different TSB components for internal purposes.

false

Cluster.spec.installTemplate.helm.spec.components.istio

↩ Parent

NameTypeDescriptionRequired
baseOverlays[]object

The overlays applied to the Istio base component.

false
cniOverlays[]object

The overlays applied to the Istio CNI component.

false
defaultWorkloadCertTTLstring

The default TTL of issued workload certificates.

false
kubeSpecobject

Configure Kubernetes specific settings.

false
logLevelsmap[string]string

Specifies the global logging level settings for the Istio control plane components.

false
maxWorkloadCertTTLstring

The maximum TTL that can be set in issued workload certificates.

false
mountInternalWasmExtensionsboolean
false
pilotOverlays[]object

The overlays applied to the Istio pilot component.

false
traceSamplingRatenumber

The percentage of traces Envoy will sample.


Format: double

false
trustDomainstring

The trust domain corresponds to the trust root of a system.

false
tsbVersionstring

Specifies the tsb release version.

false

Cluster.spec.installTemplate.helm.spec.components.istio.baseOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.istio.baseOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.istio.cniOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.istio.cniOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
CNIobject
false
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.CNI

↩ Parent

NameTypeDescriptionRequired
binaryDirectorystring

Directory on the host to install the CNI binary.

false
chainedboolean
false
clusterRolestring

The ClusterRole Istio CNI will bind to in the ControlPlane namespace.

false
configurationDirectorystring

Directory on the host to install the CNI config.

false
configurationFileNamestring
false
revisionstring

The revisioned istio-operator that will reconcile the Istio CNI component.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.istio.pilotOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.istio.pilotOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.ngac

↩ Parent

NameTypeDescriptionRequired
enabledboolean

NGAC is an experimental component.

false
kubeSpecobject
false
logLevelsmap[string]string

The log level configuration by scopes.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.oap

↩ Parent

NameTypeDescriptionRequired
kubeSpecobject
false
logLevelstring

Specifies the log level for OAP component.

false
onDemandEnvoyMetricsEnabledboolean
false
storageIndexMergingEnabledboolean
false
streamingLogEnabledboolean
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding

↩ Parent

Workload Onboarding.

NameTypeDescriptionRequired
operatorobject

Configure Workload Onboarding Operator component.

false
planeobject

Configure Workload Onboarding Plane component.

false
repositoryobject

Configure Workload Onboarding Repository component.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator

↩ Parent

Configure Workload Onboarding Operator component.

NameTypeDescriptionRequired
kubeSpecobject

Configure Kubernetes specific settings.

false
logLevelsmap[string]string

The log level configuration by scopes.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane

↩ Parent

Configure Workload Onboarding Plane component.

NameTypeDescriptionRequired
instanceobject

Kubernetes settings for the Workload Onboarding Plane Instance component.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance

↩ Parent

Kubernetes settings for the Workload Onboarding Plane Instance component.

NameTypeDescriptionRequired
kubeSpecobject

Configure Kubernetes specific settings.

false
logLevelsmap[string]string

The log level configuration by scopes.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository

↩ Parent

Configure Workload Onboarding Repository component.

NameTypeDescriptionRequired
kubeSpecobject

Configure Kubernetes specific settings.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer

↩ Parent

NameTypeDescriptionRequired
backendobject

Configure Database backend settings.

false
domainstring
false
kubeSpecobject

Configure Kubernetes specific settings.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.backend

↩ Parent

Configure Database backend settings.

NameTypeDescriptionRequired
redisobject

Settings for redis database backend.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.backend.redis

↩ Parent

Settings for redis database backend.

NameTypeDescriptionRequired
uristring

The Redis Database URI.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller

↩ Parent

NameTypeDescriptionRequired
kubeSpecobject

Configure Kubernetes specific settings.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.satellite

↩ Parent

Satellite provide load balancing capabilities for data content before the data from Envoy reaches the SPM in Control Plane.

NameTypeDescriptionRequired
enabledboolean

Satellite is an optional component.

false
kubeSpecobject
false
logLevelstring

Specifies the log level for the component.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher

↩ Parent

Configuration for the WASM Fetcher component.

NameTypeDescriptionRequired
cacheDisableInsecureRegistriesboolean

Denies insecure registries to be used for fetching WASM modules.

false
cacheExpirationstring

WASM Module cache expiration time.

false
cacheMaxRetriesinteger

Maximum number of retries when fetching WASM modules from the OCI registry.


Format: int32

false
cachePurgeIntervalstring

WASM cache purge interval to periodically clean up the stale WASM modules.

false
cacheRequestTimeoutstring

Specifies the timeout used when retrieving the WASM plugin from the OCI registry.

false
kubeSpecobject
false
logLevelsmap[string]string

The log level configuration by scopes.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp

↩ Parent

NameTypeDescriptionRequired
centralAuthModeenum

Authentication mode for connections from XCP Edges to XCP Central.


Enum: UNKNOWN, MUTUAL_TLS, JWT

false
centralProvidedCaCertboolean

If true, obtain the CA cert for Istio from XCP central.

false
configProtectionobject
false
enableHttpMeshInternalIdentityPropagationboolean
false
isolationBoundaries[]object

Configures Isolated Istio environments along with Istio revisions for each environment.

false
kubeSpecobject
false
logLevelsmap[string]string

Loglevel for XCP.

false
revisionstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.configProtection

↩ Parent

NameTypeDescriptionRequired
authorizedUsers[]string

List of usernames of authorized users or svc accounts to create/update/delete XCP configs when config protection is enabled.

false
enableAuthorizedCreateUpdateDeleteOnXcpConfigsboolean
false
enableAuthorizedUpdateDeleteOnXcpConfigsboolean
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index]

↩ Parent

NameTypeDescriptionRequired
meshExpansionobject

Configure mesh expansion to connect workloads external to Kubernetes to the mesh.

false
namestring

Name of the IsolationBoundary.

false
revisions[]object

Configure multiple Istio Revisions under the IsolationBoundary.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion

↩ Parent

Configure mesh expansion to connect workloads external to Kubernetes to the mesh.

NameTypeDescriptionRequired
customGatewayobject

A custom mesh expansion gateway.

false
onboardingobject

Configuration of the Workload Onboarding Plane.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.customGateway

↩ Parent

A custom mesh expansion gateway.

NameTypeDescriptionRequired
hoststring

Mesh expansion gateway host address (can be hostname or IP address).

false
portinteger

Port mesh expansion gateway is listening on.


Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding

↩ Parent

Configuration of the Workload Onboarding Plane.

NameTypeDescriptionRequired
endpointobject
false
localRepositoryobject
false
tokenIssuerobject

Configuration of the built-in Workload Onboarding Token Issuer.

false
uidstring

Unique identifier of this particular installation of the Workload Onboarding Plane.

false
workloadsobject

Configuration of the workload handling.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.endpoint

↩ Parent

NameTypeDescriptionRequired
hosts[]string

List of hosts included in the TLS certificate.

false
secretNamestring

Name of the secret that holds TLS certificate chain and private key.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.tokenIssuer

↩ Parent

Configuration of the built-in Workload Onboarding Token Issuer.

NameTypeDescriptionRequired
jwtobject

Configuration of the built-in JWT Token Issuer.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.tokenIssuer.jwt

↩ Parent

Configuration of the built-in JWT Token Issuer.

NameTypeDescriptionRequired
expirationstring

Expiration is the duration issued tokens are valid for.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads

↩ Parent

Configuration of the workload handling.

NameTypeDescriptionRequired
authenticationobject

Workload authentication configuration.

false
deregistrationobject

Workload deregistration configuration.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication

↩ Parent

Workload authentication configuration.

NameTypeDescriptionRequired
jwtobject

JWT authentication configuration.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt

↩ Parent

JWT authentication configuration.

NameTypeDescriptionRequired
issuers[]object

List of permitted JWT issuers.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index]

↩ Parent

NameTypeDescriptionRequired
issuerstring

JWT Issuer identifier.

false
jwksstring

Inlined JSON Web Key Set document.

false
jwksUristring

URL of the JSON Web Key Set document.

false
shortNamestring

Unique short name associated with the issuer.

false
tokenFieldsobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields

↩ Parent

NameTypeDescriptionRequired
attributesobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields.attributes

↩ Parent

NameTypeDescriptionRequired
jsonPathstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.deregistration

↩ Parent

Workload deregistration configuration.

NameTypeDescriptionRequired
propagationDelaystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index]

↩ Parent

NameTypeDescriptionRequired
disableboolean
false
istioobject

Istio overlay configuration for the revision.

false
namestring

Name of the IstioRevision.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio

↩ Parent

Istio overlay configuration for the revision.

NameTypeDescriptionRequired
baseOverlays[]object

The overlays applied to the Istio base component.

false
cniOverlays[]object

The overlays applied to the Istio CNI component.

false
defaultWorkloadCertTTLstring

The default TTL of issued workload certificates.

false
kubeSpecobject

Configure Kubernetes specific settings.

false
logLevelsmap[string]string

Specifies the global logging level settings for the Istio control plane components.

false
maxWorkloadCertTTLstring

The maximum TTL that can be set in issued workload certificates.

false
mountInternalWasmExtensionsboolean
false
pilotOverlays[]object

The overlays applied to the Istio pilot component.

false
traceSamplingRatenumber

The percentage of traces Envoy will sample.


Format: double

false
trustDomainstring

The trust domain corresponds to the trust root of a system.

false
tsbVersionstring

Specifies the tsb release version.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.baseOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.baseOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.cniOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.cniOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec

↩ Parent

Configure Kubernetes specific settings.

NameTypeDescriptionRequired
CNIobject
false
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.CNI

↩ Parent

NameTypeDescriptionRequired
binaryDirectorystring

Directory on the host to install the CNI binary.

false
chainedboolean
false
clusterRolestring

The ClusterRole Istio CNI will bind to in the ControlPlane namespace.

false
configurationDirectorystring

Directory on the host to install the CNI config.

false
configurationFileNamestring
false
revisionstring

The revisioned istio-operator that will reconcile the Istio CNI component.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.pilotOverlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.pilotOverlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec

↩ Parent

NameTypeDescriptionRequired
deploymentobject
false
overlays[]object
false
serviceobject
false
serviceAccountobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment

↩ Parent

NameTypeDescriptionRequired
affinityobject

The scheduling constraints for the pod.

false
containerSecurityContextobject
false
env[]object

Environment variables for all containers in the deployment.

false
hpaSpecobject
false
podAnnotationsmap[string]string

Pod annotations are an unstructured key value map stored with the pod.

false
podSecurityContextobject
false
replicaCountinteger

Number of desired pods.


Minimum: 0
Maximum: 4.294967295e+09

false
resourcesobject
false
strategyobject

The deployment strategy to use to replace existing pods with new ones.

false
tolerations[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity

↩ Parent

The scheduling constraints for the pod.

NameTypeDescriptionRequired
nodeAffinityobject

Group of node affinity scheduling rules.

false
podAffinityobject

Group of inter-pod affinity scheduling rules.

false
podAntiAffinityobject

Group of inter-pod anti-affinity scheduling rules.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity

↩ Parent

Group of node affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecutionobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
preferenceobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

↩ Parent

NameTypeDescriptionRequired
nodeSelectorTerms[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object
false
matchFields[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]

↩ Parent

NameTypeDescriptionRequired
keystring
false
operatorstring
false
values[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity

↩ Parent

Group of inter-pod affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity

↩ Parent

Group of inter-pod anti-affinity scheduling rules.

NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object
false
requiredDuringSchedulingIgnoredDuringExecution[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
podAffinityTermobject
false
weightinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]

↩ Parent

NameTypeDescriptionRequired
labelSelectorobject
false
namespaces[]string
false
topologyKeystring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext

↩ Parent

NameTypeDescriptionRequired
allowPrivilegeEscalationboolean
false
capabilitiesobject
false
privilegedboolean
false
procMountstring
false
readOnlyRootFilesystemboolean
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.capabilities

↩ Parent

NameTypeDescriptionRequired
add[]string
false
drop[]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false
valueFromobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom

↩ Parent

NameTypeDescriptionRequired
configMapKeyRefobject
false
fieldRefobject
false
resourceFieldRefobject
false
secretKeyRefobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.fieldRef

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
fieldPathstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef

↩ Parent

NameTypeDescriptionRequired
containerNamestring
false
divisorobject
false
resourcestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.secretKeyRef

↩ Parent

NameTypeDescriptionRequired
keystring
false
localObjectReferenceobject
false
optionalboolean
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec

↩ Parent

NameTypeDescriptionRequired
maxReplicasinteger

Format: int32

false
metrics[]object
false
minReplicasinteger

Format: int32

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index]

↩ Parent

NameTypeDescriptionRequired
externalobject
false
objectobject
false
podsobject
false
resourceobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
metricSelectorobject
false
targetAverageValueobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object

↩ Parent

NameTypeDescriptionRequired
averageValueobject
false
metricNamestring
false
selectorobject
false
targetobject
false
targetValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.target

↩ Parent

NameTypeDescriptionRequired
apiVersionstring
false
kindstring
false
namestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods

↩ Parent

NameTypeDescriptionRequired
metricNamestring
false
selectorobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector

↩ Parent

NameTypeDescriptionRequired
matchExpressions[]object

matchExpressions is a list of label selector requirements.

false
matchLabelsmap[string]string

matchLabels is a map of &#007B;key,value&#007B; pairs.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]

↩ Parent

NameTypeDescriptionRequired
keystring

key is the label key that the selector applies to.

false
operatorstring

operator represents a key's relationship to a set of values.

false
values[]string

values is an array of string values.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource

↩ Parent

NameTypeDescriptionRequired
namestring
false
targetobject
false
targetAverageUtilizationobject
false
targetAverageValueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target

↩ Parent

NameTypeDescriptionRequired
averageUtilizationinteger

Format: int32

false
averageValueobject
false
typestring
false
valueobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext

↩ Parent

NameTypeDescriptionRequired
fsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
fsGroupChangePolicystring
false
runAsGroupinteger

Minimum: 0
Maximum: 4.294967295e+09

false
runAsNonRootboolean
false
runAsUserinteger

Minimum: 0
Maximum: 4.294967295e+09

false
seLinuxOptionsobject
false
seccompProfileobject
false
supplementalGroups[]integer
false
sysctls[]object
false
windowsOptionsobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.seLinuxOptions

↩ Parent

NameTypeDescriptionRequired
levelstring
false
rolestring
false
typestring
false
userstring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.seccompProfile

↩ Parent

NameTypeDescriptionRequired
localhostProfilestring
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.sysctls[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
valuestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.windowsOptions

↩ Parent

NameTypeDescriptionRequired
gmsaCredentialSpecstring
false
gmsaCredentialSpecNamestring
false
runAsUserNamestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.resources

↩ Parent

NameTypeDescriptionRequired
limitsmap[string]string
false
requestsmap[string]string
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy

↩ Parent

The deployment strategy to use to replace existing pods with new ones.

NameTypeDescriptionRequired
rollingUpdateobject
false
typestring
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate

↩ Parent

NameTypeDescriptionRequired
maxSurgeobject
false
maxUnavailableobject
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate.maxSurge

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable

↩ Parent

NameTypeDescriptionRequired
intValinteger

Minimum: -2.147483648e+09
Maximum: 2.147483647e+09

false
strValstring
false
typeinteger

Format: int64

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.tolerations[index]

↩ Parent

NameTypeDescriptionRequired
effectstring

Effect indicates the taint effect to match.

false
keystring

Key is the taint key that the toleration applies to.

false
operatorstring

Operator represents a key's relationship to the value.

false
tolerationSecondsinteger

Format: int64

false
valuestring

Value is the taint value the toleration matches to.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.overlays[index]

↩ Parent

NameTypeDescriptionRequired
apiVersionstring

Resource API version.

false
kindstring

Resource kind.

false
namestring

Name of resource.

false
patches[]object

List of patches to apply to resource.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.overlays[index].patches[index]

↩ Parent

NameTypeDescriptionRequired
pathstring
false
valueobject

Value to add, delete or replace.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.service

↩ Parent

NameTypeDescriptionRequired
annotationsmap[string]string

Pod annotations are an unstructured key value map stored with the service.

false
labelsmap[string]string

Labels are an unstructured key value map stored with the deployment.

false
ports[]object

The set of ports on which this service is exposed.

false
typestring

Determines how the Service is exposed.

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.service.ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.serviceAccount

↩ Parent

NameTypeDescriptionRequired
imagePullSecrets[]object
false

Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.serviceAccount.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.imagePullSecrets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the referent.

false

Cluster.spec.installTemplate.helm.spec.managementPlane

↩ Parent

Configure the management plane to retrieve configuration from.

NameTypeDescriptionRequired
clusterNamestring
false
hoststring

Management plane host address (can be hostname or IPv4/IPv6 address).

false
portinteger

Port management plane is listening on.


Format: int32

false
selfSignedboolean

Management plane uses a self signed or private TLS certificate.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion

↩ Parent

Configure mesh expansion to connect workloads external to Kubernetes to the mesh.

NameTypeDescriptionRequired
customGatewayobject

A custom mesh expansion gateway.

false
onboardingobject

Configuration of the Workload Onboarding Plane.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.customGateway

↩ Parent

A custom mesh expansion gateway.

NameTypeDescriptionRequired
hoststring

Mesh expansion gateway host address (can be hostname or IP address).

false
portinteger

Port mesh expansion gateway is listening on.


Format: int32

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding

↩ Parent

Configuration of the Workload Onboarding Plane.

NameTypeDescriptionRequired
endpointobject
false
localRepositoryobject
false
tokenIssuerobject

Configuration of the built-in Workload Onboarding Token Issuer.

false
uidstring

Unique identifier of this particular installation of the Workload Onboarding Plane.

false
workloadsobject

Configuration of the workload handling.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.endpoint

↩ Parent

NameTypeDescriptionRequired
hosts[]string

List of hosts included in the TLS certificate.

false
secretNamestring

Name of the secret that holds TLS certificate chain and private key.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.tokenIssuer

↩ Parent

Configuration of the built-in Workload Onboarding Token Issuer.

NameTypeDescriptionRequired
jwtobject

Configuration of the built-in JWT Token Issuer.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.tokenIssuer.jwt

↩ Parent

Configuration of the built-in JWT Token Issuer.

NameTypeDescriptionRequired
expirationstring

Expiration is the duration issued tokens are valid for.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads

↩ Parent

Configuration of the workload handling.

NameTypeDescriptionRequired
authenticationobject

Workload authentication configuration.

false
deregistrationobject

Workload deregistration configuration.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication

↩ Parent

Workload authentication configuration.

NameTypeDescriptionRequired
jwtobject

JWT authentication configuration.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt

↩ Parent

JWT authentication configuration.

NameTypeDescriptionRequired
issuers[]object

List of permitted JWT issuers.

false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index]

↩ Parent

NameTypeDescriptionRequired
issuerstring

JWT Issuer identifier.

false
jwksstring

Inlined JSON Web Key Set document.

false
jwksUristring

URL of the JSON Web Key Set document.

false
shortNamestring

Unique short name associated with the issuer.

false
tokenFieldsobject
false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields

↩ Parent

NameTypeDescriptionRequired
attributesobject
false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields.attributes

↩ Parent

NameTypeDescriptionRequired
jsonPathstring
false

Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.deregistration

↩ Parent

Workload deregistration configuration.

NameTypeDescriptionRequired
propagationDelaystring
false

Cluster.spec.installTemplate.helm.spec.meshObservability

↩ Parent

NameTypeDescriptionRequired
demoSettingsobject
false
settingsobject
false

Cluster.spec.installTemplate.helm.spec.meshObservability.demoSettings

↩ Parent

NameTypeDescriptionRequired
apiEndpointMetricsEnabledboolean

Toggle to process, analyze, and generate api endpoints RED metrics.

false

Cluster.spec.installTemplate.helm.spec.meshObservability.settings

↩ Parent

NameTypeDescriptionRequired
apiEndpointMetricsEnabledboolean

Toggle to process, analyze, and generate api endpoints RED metrics.

false

Cluster.spec.installTemplate.helm.spec.providerSettings

↩ Parent

Configures Kubernetes provider specific settings.

NameTypeDescriptionRequired
eksobject

Settings specific to EKS.

false
route53object

Settings specific to Route53.

false

Cluster.spec.installTemplate.helm.spec.providerSettings.eks

↩ Parent

Settings specific to EKS.

NameTypeDescriptionRequired
useNlbByDefaultboolean
false

Cluster.spec.installTemplate.helm.spec.providerSettings.route53

↩ Parent

Settings specific to Route53.

NameTypeDescriptionRequired
domainFilter[]string

List of domains to limit possible target zones by a domain suffix.

false
evaluateTargetHealthboolean

Control whether to evaluate the health of a DNS target.

false
filterSettingsobject

Filter target settings.

false
intervalstring

Duration of interval between individual synchronizations.

false
namespaceSelectorobject

Specifies the namespace to watch.

false
policyenum

Specifies the policy to use when managing DNS records.


Enum: SYNC, UPSERT_ONLY, CREATE_ONLY

false
serviceAccountNamestring

Service account name to use for IAM role.

false
ttlinteger

Default TTL (in seconds) value for DNS records.


Format: int64

false

Cluster.spec.installTemplate.helm.spec.providerSettings.route53.filterSettings

↩ Parent

Filter target settings.

NameTypeDescriptionRequired
annotationFilterstring

Filter out (remove) targets that matches annotation using label selector semantics.

false
excludeDomain[]string

Exclude subdomains.

false
labelFilterstring

Filter out (remove) targets that matches label selector.

false
zoneIdFilter[]string

When using the AWS provider, filter for zones with this ID.

false
zoneTagFilter[]string

When using the AWS provider, filter for zones with this tag.

false
zoneTypeenum

Filter out (removes) zones of this type.


Enum: NONE, PUBLIC, PRIVATE

false

Cluster.spec.installTemplate.helm.spec.providerSettings.route53.namespaceSelector

↩ Parent

Specifies the namespace to watch.

NameTypeDescriptionRequired
ignoreNamespacesstring

Comma separated list of namespaces to ignore when watching for DNS endpoints.

false
namespacestring

Specifies the namespace to watch for resources.

false

Cluster.spec.installTemplate.helm.spec.telemetryStore

↩ Parent

Configure the store that TSB will use to persist application telemetry data.

NameTypeDescriptionRequired
elasticobject
false

Cluster.spec.installTemplate.helm.spec.telemetryStore.elastic

↩ Parent

NameTypeDescriptionRequired
hoststring

Elasticsearch host address (can be hostname or IP address).

false
portinteger

Port Elasticsearch is listening on.


Format: int32

false
protocolenum

Protocol to communicate with Elasticsearch, defaults to https.


Enum: https, http

false
selfSignedboolean

Use Self-Signed certificates.

false
versioninteger

DEPRECATED: Major version of the Elasticsearch cluster.


Format: int32

false

Cluster.spec.locality

↩ Parent

Deprecated.

NameTypeDescriptionRequired
regionstring

The geographic location of the cluster.

false

Cluster.spec.namespaceScope

↩ Parent

Configure the default scoping of namespaces in this cluster.

NameTypeDescriptionRequired
exceptions[]string

Namespaces to be excluded form the default scope.

false
scopeenum

Enum: GLOBAL, LOCAL

false

Cluster.spec.namespaces[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
services[]object
false

Cluster.spec.namespaces[index].services[index]

↩ Parent

NameTypeDescriptionRequired
canonicalNamestring
false
gatewayHostboolean
false
hostnamestring

The hostname by which this service is accessed.

false
kubernetesExternalAddresses[]string
false
kubernetesServiceFqdnstring
false
kubernetesServiceIpstring
false
meshExternalboolean
false
namestring
false
namespacestring

namespace associated with the service.

false
numHopsinteger

Minimum: 0
Maximum: 4.294967295e+09

false
numKubernetesEndpointsinteger

The number of kubernetes pods providing this service.


Minimum: 0
Maximum: 4.294967295e+09

false
numVmEndpointsinteger

The number of VMs providing this service.


Minimum: 0
Maximum: 4.294967295e+09

false
ports[]object

The set of ports on which this service is exposed.

false
selectormap[string]string

label selectors associated with the service.

false
spiffeIds[]string

List of SPIFFE identities used by the workloads of the service.

false
subsets[]string
false
tier1GatewayHostboolean
false
workloads[]object

Workloads implementing the Service.

false

Cluster.spec.namespaces[index].services[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
kubernetesNodePortinteger

Minimum: 0
Maximum: 4.294967295e+09

false
namestring

Name assigned to the port.

false
numberinteger

A valid non-negative integer port number.


Minimum: 0
Maximum: 4.294967295e+09

false

Cluster.spec.namespaces[index].services[index].workloads[index]

↩ Parent

NameTypeDescriptionRequired
addressstring

Routable address of the workload.

false
isVmboolean

Indicates whether the workload is kubernetes endpoint or vm.

false
namestring

Instance name of the workload.

false
proxyobject

Proxy details.

false

Cluster.spec.namespaces[index].services[index].workloads[index].proxy

↩ Parent

Proxy details.

NameTypeDescriptionRequired
controlPlaneAddressstring
false
envoyVersionstring

Envoy version of the proxy.

false
istioVersionstring

Istio version of the proxy.

false
statusmap[string]string

Sync status for each xDS component.

false

Cluster.spec.serviceAccount

↩ Parent

The service account created with permissions to manage the current cluster.

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
keys[]object

Keys associated with the service account.

false

Cluster.spec.serviceAccount.keys[index]

↩ Parent

NameTypeDescriptionRequired
defaultTokenstring
false
encodingenum

Format in which the public and private keys are encoded.


Enum: PEM, JWK

false
idstring

Unique identifier for this key-pair.

false
privateKeystring

The encoded private key associated with the service account.

false
publicKeystring

The encoded public key associated with the service account.

false

Cluster.spec.state

↩ Parent

NameTypeDescriptionRequired
discoveredLocalityobject
false
istioVersions[]string

This shows currently running istio versions in the cluster.

false
lastSyncTimestring

Format: date-time

false
providerstring

cluster provider.

false
tsbCpVersionstring
false
xcpVersionstring
false

Cluster.spec.state.discoveredLocality

↩ Parent

NameTypeDescriptionRequired
regionstring

The geographic location of the cluster.

false

Organization

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringOrganizationtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Organization is the root of the Service Bridge object hierarchy.

false
statusobject
false

Organization.spec

↩ Parent

Organization is the root of the Service Bridge object hierarchy.

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

Organization.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

OrganizationSetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringOrganizationSettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Settings that apply globally to the entire organization.

false
statusobject
false

OrganizationSetting.spec

↩ Parent

Settings that apply globally to the entire organization.

NameTypeDescriptionRequired
defaultSecuritySettingobject

Security settings for all proxy workloads in this organization.

false
defaultTrafficSettingobject

Traffic settings for all proxy workloads in this organization.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
networkSettingsobject

Reachability between clusters on various networks.

false
regionalFailover[]object

Default locality routing settings for all gateways.

false

OrganizationSetting.spec.defaultSecuritySetting

↩ Parent

Security settings for all proxy workloads in this organization.

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

OrganizationSetting.spec.defaultSecuritySetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

OrganizationSetting.spec.defaultSecuritySetting.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

OrganizationSetting.spec.defaultSecuritySetting.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

OrganizationSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

OrganizationSetting.spec.defaultSecuritySetting.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

OrganizationSetting.spec.defaultTrafficSetting

↩ Parent

Traffic settings for all proxy workloads in this organization.

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
egressobject
false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rateLimitingobject

Configuration for rate limiting requests.

false
reachabilityobject
false
resilienceobject
false

OrganizationSetting.spec.defaultTrafficSetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

OrganizationSetting.spec.defaultTrafficSetting.egress

↩ Parent

NameTypeDescriptionRequired
hoststring

Specifies the egress gateway hostname.

false
portinteger

Deprecated.


Format: int32

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

OrganizationSetting.spec.defaultTrafficSetting.reachability

↩ Parent

NameTypeDescriptionRequired
hosts[]string
false
modeenum

A short cut for specifying the set of services accessed by the workload.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM

false

OrganizationSetting.spec.defaultTrafficSetting.resilience

↩ Parent

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

Enum: UNSET, LOW, MEDIUM, HIGH

false
httpRequestTimeoutstring

Timeout for HTTP requests.

false
httpRetriesobject

Retry policy for HTTP requests.

false
keepAliveobject

Keep Alive Settings.

false
tcpKeepaliveboolean

Deprecated.

false

OrganizationSetting.spec.defaultTrafficSetting.resilience.httpRetries

↩ Parent

Retry policy for HTTP requests.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
tcpobject

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

false

OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp

↩ Parent

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

NameTypeDescriptionRequired
downstreamobject

TCP Keep Alive Settings associated with the downstream (client) connection.

false
upstreamobject

TCP Keep Alive Settings associated with the upstream (backend) connection.

false

OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream

↩ Parent

TCP Keep Alive Settings associated with the downstream (client) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream

↩ Parent

TCP Keep Alive Settings associated with the upstream (backend) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

OrganizationSetting.spec.networkSettings

↩ Parent

Reachability between clusters on various networks.

NameTypeDescriptionRequired
networkReachabilitymap[string]string

Reachability between clusters on various networks.

false

OrganizationSetting.spec.regionalFailover[index]

↩ Parent

NameTypeDescriptionRequired
fromstring

Originating region.

false
tostring
false

ServiceAccount

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringServiceAccounttrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

ServiceAccount represents a service account that can be used to access the TSB platform.

false
statusobject
false

ServiceAccount.spec

↩ Parent

ServiceAccount represents a service account that can be used to access the TSB platform.

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
keys[]object

Keys associated with the service account.

false

ServiceAccount.spec.keys[index]

↩ Parent

NameTypeDescriptionRequired
defaultTokenstring
false
encodingenum

Format in which the public and private keys are encoded.


Enum: PEM, JWK

false
idstring

Unique identifier for this key-pair.

false
privateKeystring

The encoded private key associated with the service account.

false
publicKeystring

The encoded public key associated with the service account.

false

Team

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringTeamtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Team is a named collection of users under a tenant.

false
statusobject
false

Team.spec

↩ Parent

Team is a named collection of users under a tenant.

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
members[]string

List of members under the team.

false
sourceTypeenum

Where the team comes from.


Enum: INVALID, LDAP, LOCAL, AZURE, MANUAL

false

Tenant

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringTenanttrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Tenant is a self-contained entity within an organization in the Service Bridge hierarchy.

false
statusobject
false

Tenant.spec

↩ Parent

Tenant is a self-contained entity within an organization in the Service Bridge hierarchy.

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
securityDomainstring

Security domains can be used to group different resources under the same security domain.

false

Tenant.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

TenantSetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringTenantSettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Default settings that apply to all workspaces under a tenant.

false
statusobject
false

TenantSetting.spec

↩ Parent

Default settings that apply to all workspaces under a tenant.

NameTypeDescriptionRequired
defaultSecuritySettingobject

Security settings for all proxy workloads in this tenant.

false
defaultTrafficSettingobject

Traffic settings for all proxy workloads in this tenant.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

TenantSetting.spec.defaultSecuritySetting

↩ Parent

Security settings for all proxy workloads in this tenant.

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

TenantSetting.spec.defaultSecuritySetting.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

TenantSetting.spec.defaultSecuritySetting.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

TenantSetting.spec.defaultSecuritySetting.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

TenantSetting.spec.defaultSecuritySetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

TenantSetting.spec.defaultSecuritySetting.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

TenantSetting.spec.defaultSecuritySetting.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

TenantSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TenantSetting.spec.defaultSecuritySetting.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

TenantSetting.spec.defaultTrafficSetting

↩ Parent

Traffic settings for all proxy workloads in this tenant.

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
egressobject
false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rateLimitingobject

Configuration for rate limiting requests.

false
reachabilityobject
false
resilienceobject
false

TenantSetting.spec.defaultTrafficSetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

TenantSetting.spec.defaultTrafficSetting.egress

↩ Parent

NameTypeDescriptionRequired
hoststring

Specifies the egress gateway hostname.

false
portinteger

Deprecated.


Format: int32

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

TenantSetting.spec.defaultTrafficSetting.reachability

↩ Parent

NameTypeDescriptionRequired
hosts[]string
false
modeenum

A short cut for specifying the set of services accessed by the workload.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM

false

TenantSetting.spec.defaultTrafficSetting.resilience

↩ Parent

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

Enum: UNSET, LOW, MEDIUM, HIGH

false
httpRequestTimeoutstring

Timeout for HTTP requests.

false
httpRetriesobject

Retry policy for HTTP requests.

false
keepAliveobject

Keep Alive Settings.

false
tcpKeepaliveboolean

Deprecated.

false

TenantSetting.spec.defaultTrafficSetting.resilience.httpRetries

↩ Parent

Retry policy for HTTP requests.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
tcpobject

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

false

TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp

↩ Parent

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

NameTypeDescriptionRequired
downstreamobject

TCP Keep Alive Settings associated with the downstream (client) connection.

false
upstreamobject

TCP Keep Alive Settings associated with the upstream (backend) connection.

false

TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream

↩ Parent

TCP Keep Alive Settings associated with the downstream (client) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream

↩ Parent

TCP Keep Alive Settings associated with the upstream (backend) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

Workspace

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringWorkspacetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

A Workspace is a collection of related namespaces in one or more clusters.

false
statusobject
false

Workspace.spec

↩ Parent

A Workspace is a collection of related namespaces in one or more clusters.

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
isolationBoundarystring

Istio Isolation Boundary name to which this workspace belongs.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this workspace.

false
privilegedboolean
false
securityDomainstring

Security domains can be used to group different resources under the same security domain.

false

Workspace.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Workspace.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this workspace.

NameTypeDescriptionRequired
names[]string
false

WorkspaceSetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtsb.tetrate.io/v2true
kindstringWorkspaceSettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Default security and traffic settings for all proxy workloads in the workspace.

false
statusobject
false

WorkspaceSetting.spec

↩ Parent

Default security and traffic settings for all proxy workloads in the workspace.

NameTypeDescriptionRequired
defaultEastWestGatewaySettings[]object

Default east west gateway settings specifies workspace-wide east-west gateway configuration.

false
defaultSecuritySettingobject

Security settings for all proxy workloads in this workspace.

false
defaultTrafficSettingobject

Traffic settings for all proxy workloads in this workspace.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
hostsReachabilityobject

Hosts reachability defines the list of hostnames that this workspace can reach.

false
regionalFailover[]object

Locality routing settings for all gateways in the workspace.

false

WorkspaceSetting.spec.defaultEastWestGatewaySettings[index]

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
exposedServices[]object
false
workloadSelectorobject
false

WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].exposedServices[index]

↩ Parent

NameTypeDescriptionRequired
serviceLabelsmap[string]string
false

WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

WorkspaceSetting.spec.defaultSecuritySetting

↩ Parent

Security settings for all proxy workloads in this workspace.

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

WorkspaceSetting.spec.defaultSecuritySetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

WorkspaceSetting.spec.defaultSecuritySetting.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

WorkspaceSetting.spec.defaultSecuritySetting.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

WorkspaceSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

WorkspaceSetting.spec.defaultSecuritySetting.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

WorkspaceSetting.spec.defaultTrafficSetting

↩ Parent

Traffic settings for all proxy workloads in this workspace.

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
egressobject
false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rateLimitingobject

Configuration for rate limiting requests.

false
reachabilityobject
false
resilienceobject
false

WorkspaceSetting.spec.defaultTrafficSetting.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

WorkspaceSetting.spec.defaultTrafficSetting.egress

↩ Parent

NameTypeDescriptionRequired
hoststring

Specifies the egress gateway hostname.

false
portinteger

Deprecated.


Format: int32

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

WorkspaceSetting.spec.defaultTrafficSetting.reachability

↩ Parent

NameTypeDescriptionRequired
hosts[]string
false
modeenum

A short cut for specifying the set of services accessed by the workload.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience

↩ Parent

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

Enum: UNSET, LOW, MEDIUM, HIGH

false
httpRequestTimeoutstring

Timeout for HTTP requests.

false
httpRetriesobject

Retry policy for HTTP requests.

false
keepAliveobject

Keep Alive Settings.

false
tcpKeepaliveboolean

Deprecated.

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience.httpRetries

↩ Parent

Retry policy for HTTP requests.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
tcpobject

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp

↩ Parent

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

NameTypeDescriptionRequired
downstreamobject

TCP Keep Alive Settings associated with the downstream (client) connection.

false
upstreamobject

TCP Keep Alive Settings associated with the upstream (backend) connection.

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream

↩ Parent

TCP Keep Alive Settings associated with the downstream (client) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream

↩ Parent

TCP Keep Alive Settings associated with the upstream (backend) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

WorkspaceSetting.spec.hostsReachability

↩ Parent

Hosts reachability defines the list of hostnames that this workspace can reach.

NameTypeDescriptionRequired
hostnames[]object

The Gateway hostname that can be one of the following.

false

WorkspaceSetting.spec.hostsReachability.hostnames[index]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

WorkspaceSetting.spec.regionalFailover[index]

↩ Parent

NameTypeDescriptionRequired
fromstring

Originating region.

false
tostring
false

application.tsb.tetrate.io/v2

Resource Types:

API

↩ Parent

NameTypeDescriptionRequired
apiVersionstringapplication.tsb.tetrate.io/v2true
kindstringAPItrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

An API configuring a set of servers and endpoints that expose the Application business logic.

false
statusobject
false

API.spec

↩ Parent

An API configuring a set of servers and endpoints that expose the Application business logic.

NameTypeDescriptionRequired
configResources[]object

The configuration resources that are related to this API object.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
endpoints[]object

List of endpoints exposed by this API.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
httpServers[]object

List of gateways servers that expose the API.

false
openapistring

The raw OpenAPI spec for this API.

false
servers[]object

DEPRECATED: For new created APIs, the exposed servers will be available at httpServers.

false
workloadSelectorobject
false

API.spec.configResources[index]

↩ Parent

NameTypeDescriptionRequired
exclusivelyOwnedboolean
false
expectedEtagstring
false
fqnstring

The FQN of the resource this status is computed for.

false

API.spec.endpoints[index]

↩ Parent

NameTypeDescriptionRequired
exposedByobject

The exposer of this endpoint.

false
hostnames[]string

The list of hostnames where this endpoint is exposed.

false
methods[]string

The list of HTTP methods this endpoint supports.

false
pathstring

The HTTP path of the endpoint, relative to the hostnames exposed by the API.

false
servicestring

DEPRECATED: For new created APIs, the exposed servers will be available at httpServers.

false

API.spec.endpoints[index].exposedBy

↩ Parent

The exposer of this endpoint.

NameTypeDescriptionRequired
clusterGroupobject

The clusters that are exposing a concrete endpoint.

false
servicestring

The FQN of the service in the service registry that is exposing a concrete endpoint.

false

API.spec.endpoints[index].exposedBy.clusterGroup

↩ Parent

The clusters that are exposing a concrete endpoint.

NameTypeDescriptionRequired
clusters[]object

The clusters that contain gateways exposing the HTTPEndpoint.

false

API.spec.endpoints[index].exposedBy.clusterGroup.clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the cluster exposing the endpoint.

false
weightinteger

The weight for traffic to a cluster exposing the endpoint.


Minimum: 0
Maximum: 4.294967295e+09

false

API.spec.httpServers[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject
false
authorizationobject

Authorization is used to configure authorization of end users.

false
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed at the gateway workload(pod).


Minimum: 0
Maximum: 4.294967295e+09

false
rateLimitingobject

Configuration for rate limiting requests.

false
routingobject

Routing rules associated with HTTP traffic to this server.

false
tlsobject

TLS certificate info.

false
transitboolean

If set to true, the server is configured to be exposed within the mesh.

false

API.spec.httpServers[index].authentication

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

API.spec.httpServers[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

API.spec.httpServers[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

API.spec.httpServers[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

API.spec.httpServers[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

API.spec.httpServers[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

API.spec.httpServers[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

API.spec.httpServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

API.spec.httpServers[index].authorization

↩ Parent

Authorization is used to configure authorization of end users.

NameTypeDescriptionRequired
externalobject
false
localobject
false

API.spec.httpServers[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

API.spec.httpServers[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

API.spec.httpServers[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

API.spec.httpServers[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

API.spec.httpServers[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

API.spec.httpServers[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

API.spec.httpServers[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

API.spec.httpServers[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

API.spec.httpServers[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

API.spec.httpServers[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

API.spec.httpServers[index].rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

API.spec.httpServers[index].rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

API.spec.httpServers[index].rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

API.spec.httpServers[index].rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

API.spec.httpServers[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

API.spec.httpServers[index].routing

↩ Parent

Routing rules associated with HTTP traffic to this server.

NameTypeDescriptionRequired
corsPolicyobject

Cross origin resource request policy settings for all routes.

false
rules[]object

HTTP routes.

false

API.spec.httpServers[index].routing.corsPolicy

↩ Parent

Cross origin resource request policy settings for all routes.

NameTypeDescriptionRequired
allowCredentialsboolean
false
allowHeaders[]string

List of HTTP headers that can be used when requesting the resource.

false
allowMethods[]string

List of HTTP methods allowed to access the resource.

false
allowOrigin[]string

The list of origins that are allowed to perform CORS requests.

false
exposeHeaders[]string

A white list of HTTP headers that the browsers are allowed to access.

false
maxAgestring

Specifies how long the results of a preflight request can be cached.

false

API.spec.httpServers[index].routing.rules[index]

↩ Parent

NameTypeDescriptionRequired
disableExternalAuthorizationboolean
false
match[]object

One or more match conditions (OR-ed).

false
modifyobject

One or more mutations to be performed before forwarding.

false
redirectobject

Redirect the request to a different host or URL or both.

false
routeobject

Forward the request to the specified destination(s).

false

API.spec.httpServers[index].routing.rules[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object

The header keys must be lowercase and use hyphen as the separator, e.g.

false
uriobject

URI to match.

false

API.spec.httpServers[index].routing.rules[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.httpServers[index].routing.rules[index].match[index].uri

↩ Parent

URI to match.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.httpServers[index].routing.rules[index].modify

↩ Parent

One or more mutations to be performed before forwarding.

NameTypeDescriptionRequired
headersobject

Add/remove/overwrite one or more HTTP headers in a request or response.

false
rewriteobject

Rewrite the HTTP Host or URL or both.

false

API.spec.httpServers[index].routing.rules[index].modify.headers

↩ Parent

Add/remove/overwrite one or more HTTP headers in a request or response.

NameTypeDescriptionRequired
requestobject

Header manipulation rules to apply before forwarding a request to the destination service.

false
responseobject

Header manipulation rules to apply before returning a response to the caller.

false

API.spec.httpServers[index].routing.rules[index].modify.headers.request

↩ Parent

Header manipulation rules to apply before forwarding a request to the destination service.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

API.spec.httpServers[index].routing.rules[index].modify.headers.response

↩ Parent

Header manipulation rules to apply before returning a response to the caller.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

API.spec.httpServers[index].routing.rules[index].modify.rewrite

↩ Parent

Rewrite the HTTP Host or URL or both.

NameTypeDescriptionRequired
authoritystring

Rewrite the Authority/Host header with this value.

false
uristring

Rewrite the path (or the prefix) portion of the URI with this value.

false

API.spec.httpServers[index].routing.rules[index].redirect

↩ Parent

Redirect the request to a different host or URL or both.

NameTypeDescriptionRequired
authoritystring

On a redirect, overwrite the Authority/Host portion of the URL with this value.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
redirectCodeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
schemestring

On a redirect, overwrite the scheme with this one.

false
uristring

On a redirect, overwrite the Path portion of the URL with this value.

false

API.spec.httpServers[index].routing.rules[index].route

↩ Parent

Forward the request to the specified destination(s).

NameTypeDescriptionRequired
clusterDestinationobject
false
serviceDestinationobject

RouteToService represents the service running in clusters.

false

API.spec.httpServers[index].routing.rules[index].route.clusterDestination

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters that contain ingress gateways exposing the hostname.

false

API.spec.httpServers[index].routing.rules[index].route.clusterDestination.clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

API.spec.httpServers[index].routing.rules[index].route.serviceDestination

↩ Parent

RouteToService represents the service running in clusters.

NameTypeDescriptionRequired
hoststring

The destination service in &#003C;namespace&#003E;/&#003C;fqdn&#003E;.

false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false
tlsobject
false

API.spec.httpServers[index].routing.rules[index].route.serviceDestination.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

API.spec.httpServers[index].routing.rules[index].route.serviceDestination.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

API.spec.httpServers[index].tls

↩ Parent

TLS certificate info.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

API.spec.httpServers[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

API.spec.servers[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject

Configuration to authenticate clients.

false
authorizationobject

Configuration to authorize a request.

false
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
rateLimitingobject

Configuration for rate limiting requests.

false
routingobject

Routing rules associated with HTTP traffic to this service.

false
tlsobject

TLS certificate info.

false
xxxOldAuthenticationobject
false
xxxOldAuthorizationobject
false

API.spec.servers[index].authentication

↩ Parent

Configuration to authenticate clients.

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

API.spec.servers[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

API.spec.servers[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

API.spec.servers[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

API.spec.servers[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

API.spec.servers[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

API.spec.servers[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

API.spec.servers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

API.spec.servers[index].authorization

↩ Parent

Configuration to authorize a request.

NameTypeDescriptionRequired
externalobject
false
localobject
false

API.spec.servers[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

API.spec.servers[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

API.spec.servers[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

API.spec.servers[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

API.spec.servers[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

API.spec.servers[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

API.spec.servers[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

API.spec.servers[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

API.spec.servers[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

API.spec.servers[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

API.spec.servers[index].rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

API.spec.servers[index].rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

API.spec.servers[index].rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

API.spec.servers[index].rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

API.spec.servers[index].rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

API.spec.servers[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

API.spec.servers[index].routing

↩ Parent

Routing rules associated with HTTP traffic to this service.

NameTypeDescriptionRequired
corsPolicyobject

Cross origin resource request policy settings for all routes.

false
rules[]object

HTTP routes.

false

API.spec.servers[index].routing.corsPolicy

↩ Parent

Cross origin resource request policy settings for all routes.

NameTypeDescriptionRequired
allowCredentialsboolean
false
allowHeaders[]string

List of HTTP headers that can be used when requesting the resource.

false
allowMethods[]string

List of HTTP methods allowed to access the resource.

false
allowOrigin[]string

The list of origins that are allowed to perform CORS requests.

false
exposeHeaders[]string

A white list of HTTP headers that the browsers are allowed to access.

false
maxAgestring

Specifies how long the results of a preflight request can be cached.

false

API.spec.servers[index].routing.rules[index]

↩ Parent

NameTypeDescriptionRequired
match[]object

One or more match conditions (OR-ed).

false
modifyobject

One or more mutations to be performed before forwarding.

false
redirectobject

Redirect the request to a different host or URL or both.

false
routeobject

Forward the request to the specified destination(s).

false

API.spec.servers[index].routing.rules[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object

The header keys must be lowercase and use hyphen as the separator, e.g.

false
uriobject

URI to match.

false

API.spec.servers[index].routing.rules[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.servers[index].routing.rules[index].match[index].uri

↩ Parent

URI to match.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

API.spec.servers[index].routing.rules[index].modify

↩ Parent

One or more mutations to be performed before forwarding.

NameTypeDescriptionRequired
headersobject

Add/remove/overwrite one or more HTTP headers in a request or response.

false
rewriteobject

Rewrite the HTTP Host or URL or both.

false

API.spec.servers[index].routing.rules[index].modify.headers

↩ Parent

Add/remove/overwrite one or more HTTP headers in a request or response.

NameTypeDescriptionRequired
requestobject

Header manipulation rules to apply before forwarding a request to the destination service.

false
responseobject

Header manipulation rules to apply before returning a response to the caller.

false

API.spec.servers[index].routing.rules[index].modify.headers.request

↩ Parent

Header manipulation rules to apply before forwarding a request to the destination service.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

API.spec.servers[index].routing.rules[index].modify.headers.response

↩ Parent

Header manipulation rules to apply before returning a response to the caller.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

API.spec.servers[index].routing.rules[index].modify.rewrite

↩ Parent

Rewrite the HTTP Host or URL or both.

NameTypeDescriptionRequired
authoritystring

Rewrite the Authority/Host header with this value.

false
uristring

Rewrite the path (or the prefix) portion of the URI with this value.

false

API.spec.servers[index].routing.rules[index].redirect

↩ Parent

Redirect the request to a different host or URL or both.

NameTypeDescriptionRequired
authoritystring

On a redirect, overwrite the Authority/Host portion of the URL with this value.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
redirectCodeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
schemestring

On a redirect, overwrite the scheme with this one.

false
uristring

On a redirect, overwrite the Path portion of the URL with this value.

false

API.spec.servers[index].routing.rules[index].route

↩ Parent

Forward the request to the specified destination(s).

NameTypeDescriptionRequired
hoststring
false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false

API.spec.servers[index].tls

↩ Parent

TLS certificate info.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

API.spec.servers[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

API.spec.servers[index].xxxOldAuthentication

↩ Parent

NameTypeDescriptionRequired
jwtobject
false

API.spec.servers[index].xxxOldAuthentication.jwt

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false

API.spec.servers[index].xxxOldAuthorization

↩ Parent

NameTypeDescriptionRequired
externalobject
false
localobject
false

API.spec.servers[index].xxxOldAuthorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
uristring
false

API.spec.servers[index].xxxOldAuthorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

API.spec.servers[index].xxxOldAuthorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

API.spec.workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

Application

↩ Parent

NameTypeDescriptionRequired
apiVersionstringapplication.tsb.tetrate.io/v2true
kindstringApplicationtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Application.spec

↩ Parent

NameTypeDescriptionRequired
configResources[]object

The configuration resources that are related to this Application.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
gatewayGroupstring

Optional FQN of the Gateway Group to be used by the application.

false
namespaceSelectorobject

Optional set of namespaces this application can configure.

false
services[]string

Optional list of services that are part of the application.

false
workspacestring

FQN of the workspace this application is part of.

false

Application.spec.configResources[index]

↩ Parent

NameTypeDescriptionRequired
exclusivelyOwnedboolean
false
expectedEtagstring
false
fqnstring

The FQN of the resource this status is computed for.

false

Application.spec.namespaceSelector

↩ Parent

Optional set of namespaces this application can configure.

NameTypeDescriptionRequired
names[]string
false

extension.tsb.tetrate.io/v2

Resource Types:

WasmExtension

↩ Parent

NameTypeDescriptionRequired
apiVersionstringextension.tsb.tetrate.io/v2true
kindstringWasmExtensiontrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

WasmExtension.spec

↩ Parent

NameTypeDescriptionRequired
allowedIn[]string

List of fqns where this extension is allowed to run.

false
configobject
false
descriptionstring

A description of the extension.

false
displayNamestring

User friendly name for the extension.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
imagestring

Deprecated.

false
imagePullPolicyenum

Enum: UNSPECIFIED_POLICY, IfNotPresent, Always

false
imagePullSecretstring

Credentials to use for OCI image pulling.

false
matchobject

Specifies the criteria to determine which traffic is passed to WasmExtension.

false
phaseenum

The phase in the filter chain where the extension will be injected.


Enum: UNSPECIFIED_PHASE, AUTHN, AUTHZ, STATS

false
priorityinteger

Determines the ordering of WasmExtensions in the same phase.


Format: int32

false
sourcestring
false
urlstring

URL of a Wasm module or OCI container.

false
vmConfigobject
false

WasmExtension.spec.match

↩ Parent

Specifies the criteria to determine which traffic is passed to WasmExtension.

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false

WasmExtension.spec.vmConfig

↩ Parent

NameTypeDescriptionRequired
env[]object

Specifies environment variables to be injected to this VM.

false

WasmExtension.spec.vmConfig.env[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name of the environment variable.

false
valuestring

Value for the environment variable.

false
valueFromenum

Source for the environment variable's value.


Enum: INLINE, HOST

false

gateway.tsb.tetrate.io/v2

Resource Types:

EgressGateway

↩ Parent

NameTypeDescriptionRequired
apiVersionstringgateway.tsb.tetrate.io/v2true
kindstringEgressGatewaytrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

EgressGateway configures a workload to act as an egress gateway in the mesh.

false
statusobject
false

EgressGateway.spec

↩ Parent

EgressGateway configures a workload to act as an egress gateway in the mesh.

NameTypeDescriptionRequired
authorization[]object

The description of which service accounts can access which hosts.

false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
workloadSelectorobject
false

EgressGateway.spec.authorization[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

The workloads or service accounts this authorization rule applies to.

false
to[]string

The external hostnames the workload(s) described in this rule can access.

false

EgressGateway.spec.authorization[index].from

↩ Parent

The workloads or service accounts this authorization rule applies to.

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

EgressGateway.spec.authorization[index].from.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

EgressGateway.spec.authorization[index].from.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

EgressGateway.spec.authorization[index].from.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

EgressGateway.spec.authorization[index].from.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

EgressGateway.spec.authorization[index].from.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

EgressGateway.spec.authorization[index].from.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

EgressGateway.spec.authorization[index].from.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

EgressGateway.spec.authorization[index].from.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

EgressGateway.spec.authorization[index].from.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

EgressGateway.spec.authorization[index].from.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

EgressGateway.spec.authorization[index].from.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

EgressGateway.spec.authorization[index].from.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

EgressGateway.spec.authorization[index].from.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

EgressGateway.spec.authorization[index].from.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

EgressGateway.spec.authorization[index].from.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

EgressGateway.spec.authorization[index].from.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

EgressGateway.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

EgressGateway.spec.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

EgressGateway.spec.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

EgressGateway.spec.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

EgressGateway.spec.workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

Gateway

↩ Parent

NameTypeDescriptionRequired
apiVersionstringgateway.tsb.tetrate.io/v2true
kindstringGatewaytrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Gateway.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
http[]object

One or more HTTP or HTTPS servers exposed by the gateway.

false
tcp[]object
false
tls[]object

One or more TLS servers exposed by the gateway.

false
wafobject

WAF settings to be enabled for traffic passing through the HttpServer.

false
wasmPlugins[]object
false
workloadSelectorobject
false

Gateway.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Gateway.spec.http[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject
false
authorizationobject

Authorization is used to configure authorization of end users.

false
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed at the gateway workload(pod).


Minimum: 0
Maximum: 4.294967295e+09

false
rateLimitingobject

Configuration for rate limiting requests.

false
routingobject

Routing rules associated with HTTP traffic to this server.

false
tlsobject

TLS certificate info.

false
transitboolean

If set to true, the server is configured to be exposed within the mesh.

false

Gateway.spec.http[index].authentication

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

Gateway.spec.http[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Gateway.spec.http[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Gateway.spec.http[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Gateway.spec.http[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

Gateway.spec.http[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Gateway.spec.http[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Gateway.spec.http[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Gateway.spec.http[index].authorization

↩ Parent

Authorization is used to configure authorization of end users.

NameTypeDescriptionRequired
externalobject
false
localobject
false

Gateway.spec.http[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

Gateway.spec.http[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Gateway.spec.http[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Gateway.spec.http[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

Gateway.spec.http[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

Gateway.spec.http[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

Gateway.spec.http[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

Gateway.spec.http[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

Gateway.spec.http[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

Gateway.spec.http[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

Gateway.spec.http[index].rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

Gateway.spec.http[index].rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Gateway.spec.http[index].rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Gateway.spec.http[index].rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

Gateway.spec.http[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

Gateway.spec.http[index].routing

↩ Parent

Routing rules associated with HTTP traffic to this server.

NameTypeDescriptionRequired
corsPolicyobject

Cross origin resource request policy settings for all routes.

false
rules[]object

HTTP routes.

false

Gateway.spec.http[index].routing.corsPolicy

↩ Parent

Cross origin resource request policy settings for all routes.

NameTypeDescriptionRequired
allowCredentialsboolean
false
allowHeaders[]string

List of HTTP headers that can be used when requesting the resource.

false
allowMethods[]string

List of HTTP methods allowed to access the resource.

false
allowOrigin[]string

The list of origins that are allowed to perform CORS requests.

false
exposeHeaders[]string

A white list of HTTP headers that the browsers are allowed to access.

false
maxAgestring

Specifies how long the results of a preflight request can be cached.

false

Gateway.spec.http[index].routing.rules[index]

↩ Parent

NameTypeDescriptionRequired
disableExternalAuthorizationboolean
false
match[]object

One or more match conditions (OR-ed).

false
modifyobject

One or more mutations to be performed before forwarding.

false
redirectobject

Redirect the request to a different host or URL or both.

false
routeobject

Forward the request to the specified destination(s).

false

Gateway.spec.http[index].routing.rules[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object

The header keys must be lowercase and use hyphen as the separator, e.g.

false
uriobject

URI to match.

false

Gateway.spec.http[index].routing.rules[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Gateway.spec.http[index].routing.rules[index].match[index].uri

↩ Parent

URI to match.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Gateway.spec.http[index].routing.rules[index].modify

↩ Parent

One or more mutations to be performed before forwarding.

NameTypeDescriptionRequired
headersobject

Add/remove/overwrite one or more HTTP headers in a request or response.

false
rewriteobject

Rewrite the HTTP Host or URL or both.

false

Gateway.spec.http[index].routing.rules[index].modify.headers

↩ Parent

Add/remove/overwrite one or more HTTP headers in a request or response.

NameTypeDescriptionRequired
requestobject

Header manipulation rules to apply before forwarding a request to the destination service.

false
responseobject

Header manipulation rules to apply before returning a response to the caller.

false

Gateway.spec.http[index].routing.rules[index].modify.headers.request

↩ Parent

Header manipulation rules to apply before forwarding a request to the destination service.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

Gateway.spec.http[index].routing.rules[index].modify.headers.response

↩ Parent

Header manipulation rules to apply before returning a response to the caller.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

Gateway.spec.http[index].routing.rules[index].modify.rewrite

↩ Parent

Rewrite the HTTP Host or URL or both.

NameTypeDescriptionRequired
authoritystring

Rewrite the Authority/Host header with this value.

false
uristring

Rewrite the path (or the prefix) portion of the URI with this value.

false

Gateway.spec.http[index].routing.rules[index].redirect

↩ Parent

Redirect the request to a different host or URL or both.

NameTypeDescriptionRequired
authoritystring

On a redirect, overwrite the Authority/Host portion of the URL with this value.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
redirectCodeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
schemestring

On a redirect, overwrite the scheme with this one.

false
uristring

On a redirect, overwrite the Path portion of the URL with this value.

false

Gateway.spec.http[index].routing.rules[index].route

↩ Parent

Forward the request to the specified destination(s).

NameTypeDescriptionRequired
clusterDestinationobject
false
serviceDestinationobject

RouteToService represents the service running in clusters.

false

Gateway.spec.http[index].routing.rules[index].route.clusterDestination

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters that contain ingress gateways exposing the hostname.

false

Gateway.spec.http[index].routing.rules[index].route.clusterDestination.clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Gateway.spec.http[index].routing.rules[index].route.serviceDestination

↩ Parent

RouteToService represents the service running in clusters.

NameTypeDescriptionRequired
hoststring

The destination service in &#003C;namespace&#003E;/&#003C;fqdn&#003E;.

false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false
tlsobject
false

Gateway.spec.http[index].routing.rules[index].route.serviceDestination.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Gateway.spec.http[index].routing.rules[index].route.serviceDestination.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Gateway.spec.http[index].tls

↩ Parent

TLS certificate info.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

Gateway.spec.http[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

Gateway.spec.tcp[index]

↩ Parent

NameTypeDescriptionRequired
hostnamestring

Hostname to identify the service.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
routeobject

Forward the connection to the specified destination.

false
tlsobject

TLS certificate info to terminate the TLS connection.

false
transitboolean

If set to true, the server is configured to be exposed within the mesh.

false

Gateway.spec.tcp[index].route

↩ Parent

Forward the connection to the specified destination.

NameTypeDescriptionRequired
clusterDestinationobject
false
serviceDestinationobject

RouteToService represents the service running in clusters.

false

Gateway.spec.tcp[index].route.clusterDestination

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters that contain ingress gateways exposing the hostname.

false

Gateway.spec.tcp[index].route.clusterDestination.clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Gateway.spec.tcp[index].route.serviceDestination

↩ Parent

RouteToService represents the service running in clusters.

NameTypeDescriptionRequired
hoststring

The destination service in &#003C;namespace&#003E;/&#003C;fqdn&#003E;.

false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false
tlsobject
false

Gateway.spec.tcp[index].route.serviceDestination.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Gateway.spec.tcp[index].route.serviceDestination.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Gateway.spec.tcp[index].tls

↩ Parent

TLS certificate info to terminate the TLS connection.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

Gateway.spec.tcp[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

Gateway.spec.tls[index]

↩ Parent

NameTypeDescriptionRequired
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
routeobject

Forward the connection to the specified destination.

false

Gateway.spec.tls[index].route

↩ Parent

Forward the connection to the specified destination.

NameTypeDescriptionRequired
clusterDestinationobject
false
serviceDestinationobject

RouteToService represents the service running in clusters.

false

Gateway.spec.tls[index].route.clusterDestination

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters that contain ingress gateways exposing the hostname.

false

Gateway.spec.tls[index].route.clusterDestination.clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Gateway.spec.tls[index].route.serviceDestination

↩ Parent

RouteToService represents the service running in clusters.

NameTypeDescriptionRequired
hoststring

The destination service in &#003C;namespace&#003E;/&#003C;fqdn&#003E;.

false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false
tlsobject
false

Gateway.spec.tls[index].route.serviceDestination.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Gateway.spec.tls[index].route.serviceDestination.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Gateway.spec.waf

↩ Parent

WAF settings to be enabled for traffic passing through the HttpServer.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

Gateway.spec.wasmPlugins[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

Gateway.spec.wasmPlugins[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

Gateway.spec.wasmPlugins[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

Gateway.spec.workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

Group

↩ Parent

NameTypeDescriptionRequired
apiVersionstringgateway.tsb.tetrate.io/v2true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Group.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
configModeenum

Enum: BRIDGED, DIRECT

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this group.

false

Group.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Group.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this group.

NameTypeDescriptionRequired
names[]string
false

IngressGateway

↩ Parent

NameTypeDescriptionRequired
apiVersionstringgateway.tsb.tetrate.io/v2true
kindstringIngressGatewaytrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

IngressGateway configures a workload to act as an ingress gateway into the mesh.

false
statusobject
false

IngressGateway.spec

↩ Parent

IngressGateway configures a workload to act as an ingress gateway into the mesh.

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
http[]object

One or more HTTP or HTTPS servers exposed by the gateway.

false
tcp[]object
false
tlsPassthrough[]object

One or more TLS servers exposed by the gateway.

false
wafobject

WAF settings to be enabled for traffic passing through the HttpServer.

false
workloadSelectorobject
false

IngressGateway.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

IngressGateway.spec.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

IngressGateway.spec.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

IngressGateway.spec.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

IngressGateway.spec.http[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject

Configuration to authenticate clients.

false
authorizationobject

Configuration to authorize a request.

false
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
rateLimitingobject

Configuration for rate limiting requests.

false
routingobject

Routing rules associated with HTTP traffic to this service.

false
tlsobject

TLS certificate info.

false
xxxOldAuthenticationobject
false
xxxOldAuthorizationobject
false

IngressGateway.spec.http[index].authentication

↩ Parent

Configuration to authenticate clients.

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

IngressGateway.spec.http[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

IngressGateway.spec.http[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

IngressGateway.spec.http[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

IngressGateway.spec.http[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

IngressGateway.spec.http[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

IngressGateway.spec.http[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

IngressGateway.spec.http[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

IngressGateway.spec.http[index].authorization

↩ Parent

Configuration to authorize a request.

NameTypeDescriptionRequired
externalobject
false
localobject
false

IngressGateway.spec.http[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

IngressGateway.spec.http[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

IngressGateway.spec.http[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

IngressGateway.spec.http[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

IngressGateway.spec.http[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

IngressGateway.spec.http[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

IngressGateway.spec.http[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

IngressGateway.spec.http[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

IngressGateway.spec.http[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

IngressGateway.spec.http[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

IngressGateway.spec.http[index].rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

IngressGateway.spec.http[index].rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

IngressGateway.spec.http[index].rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

IngressGateway.spec.http[index].rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

IngressGateway.spec.http[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

IngressGateway.spec.http[index].routing

↩ Parent

Routing rules associated with HTTP traffic to this service.

NameTypeDescriptionRequired
corsPolicyobject

Cross origin resource request policy settings for all routes.

false
rules[]object

HTTP routes.

false

IngressGateway.spec.http[index].routing.corsPolicy

↩ Parent

Cross origin resource request policy settings for all routes.

NameTypeDescriptionRequired
allowCredentialsboolean
false
allowHeaders[]string

List of HTTP headers that can be used when requesting the resource.

false
allowMethods[]string

List of HTTP methods allowed to access the resource.

false
allowOrigin[]string

The list of origins that are allowed to perform CORS requests.

false
exposeHeaders[]string

A white list of HTTP headers that the browsers are allowed to access.

false
maxAgestring

Specifies how long the results of a preflight request can be cached.

false

IngressGateway.spec.http[index].routing.rules[index]

↩ Parent

NameTypeDescriptionRequired
match[]object

One or more match conditions (OR-ed).

false
modifyobject

One or more mutations to be performed before forwarding.

false
redirectobject

Redirect the request to a different host or URL or both.

false
routeobject

Forward the request to the specified destination(s).

false

IngressGateway.spec.http[index].routing.rules[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object

The header keys must be lowercase and use hyphen as the separator, e.g.

false
uriobject

URI to match.

false

IngressGateway.spec.http[index].routing.rules[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

IngressGateway.spec.http[index].routing.rules[index].match[index].uri

↩ Parent

URI to match.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

IngressGateway.spec.http[index].routing.rules[index].modify

↩ Parent

One or more mutations to be performed before forwarding.

NameTypeDescriptionRequired
headersobject

Add/remove/overwrite one or more HTTP headers in a request or response.

false
rewriteobject

Rewrite the HTTP Host or URL or both.

false

IngressGateway.spec.http[index].routing.rules[index].modify.headers

↩ Parent

Add/remove/overwrite one or more HTTP headers in a request or response.

NameTypeDescriptionRequired
requestobject

Header manipulation rules to apply before forwarding a request to the destination service.

false
responseobject

Header manipulation rules to apply before returning a response to the caller.

false

IngressGateway.spec.http[index].routing.rules[index].modify.headers.request

↩ Parent

Header manipulation rules to apply before forwarding a request to the destination service.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

IngressGateway.spec.http[index].routing.rules[index].modify.headers.response

↩ Parent

Header manipulation rules to apply before returning a response to the caller.

NameTypeDescriptionRequired
addmap[string]string
false
remove[]string

Remove a the specified headers.

false
setmap[string]string

Overwrite the headers specified by key with the given values.

false

IngressGateway.spec.http[index].routing.rules[index].modify.rewrite

↩ Parent

Rewrite the HTTP Host or URL or both.

NameTypeDescriptionRequired
authoritystring

Rewrite the Authority/Host header with this value.

false
uristring

Rewrite the path (or the prefix) portion of the URI with this value.

false

IngressGateway.spec.http[index].routing.rules[index].redirect

↩ Parent

Redirect the request to a different host or URL or both.

NameTypeDescriptionRequired
authoritystring

On a redirect, overwrite the Authority/Host portion of the URL with this value.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
redirectCodeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
schemestring

On a redirect, overwrite the scheme with this one.

false
uristring

On a redirect, overwrite the Path portion of the URL with this value.

false

IngressGateway.spec.http[index].routing.rules[index].route

↩ Parent

Forward the request to the specified destination(s).

NameTypeDescriptionRequired
hoststring
false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false

IngressGateway.spec.http[index].tls

↩ Parent

TLS certificate info.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

IngressGateway.spec.http[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

IngressGateway.spec.http[index].xxxOldAuthentication

↩ Parent

NameTypeDescriptionRequired
jwtobject
false

IngressGateway.spec.http[index].xxxOldAuthentication.jwt

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false

IngressGateway.spec.http[index].xxxOldAuthorization

↩ Parent

NameTypeDescriptionRequired
externalobject
false
localobject
false

IngressGateway.spec.http[index].xxxOldAuthorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
uristring
false

IngressGateway.spec.http[index].xxxOldAuthorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

IngressGateway.spec.tcp[index]

↩ Parent

NameTypeDescriptionRequired
hostnamestring

Hostname to identify the service.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
routeobject

Forward the connection to the specified destination.

false
tlsobject
false

IngressGateway.spec.tcp[index].route

↩ Parent

Forward the connection to the specified destination.

NameTypeDescriptionRequired
hoststring
false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false

IngressGateway.spec.tcp[index].tls

↩ Parent

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

IngressGateway.spec.tcp[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

IngressGateway.spec.tlsPassthrough[index]

↩ Parent

NameTypeDescriptionRequired
hostnamestring

Hostname with which the service can be expected to be accessed by clients.

false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
routeobject

Forward the connection to the specified destination.

false

IngressGateway.spec.tlsPassthrough[index].route

↩ Parent

Forward the connection to the specified destination.

NameTypeDescriptionRequired
hoststring
false
portinteger

The port on the service to forward the request to.


Minimum: 0
Maximum: 4.294967295e+09

false

IngressGateway.spec.waf

↩ Parent

WAF settings to be enabled for traffic passing through the HttpServer.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

IngressGateway.spec.workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

Tier1Gateway

↩ Parent

NameTypeDescriptionRequired
apiVersionstringgateway.tsb.tetrate.io/v2true
kindstringTier1Gatewaytrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Tier1Gateway configures a workload to act as a tier1 gateway into the mesh.

false
statusobject
false

Tier1Gateway.spec

↩ Parent

Tier1Gateway configures a workload to act as a tier1 gateway into the mesh.

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
externalServers[]object

One or more servers exposed by the gateway externally.

false
fqnstring

Fully-qualified name of the resource.

false
internalServers[]object

One or more servers exposed by the gateway internally for cross cluster forwarding.

false
passthroughServers[]object

One or more tls passthrough servers exposed by the gateway externally.

false
tcpExternalServers[]object

One or more tcp servers exposed by the gateway externally.

false
tcpInternalServers[]object

One or more tcp servers exposed by the gateway for mesh internal traffic.

false
wafobject

WAF settings to be enabled for traffic passing through this Tier1 gateway.

false
workloadSelectorobject
false

Tier1Gateway.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Tier1Gateway.spec.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

Tier1Gateway.spec.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

Tier1Gateway.spec.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.externalServers[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject
false
authorizationobject

Authorization is used to configure authorization of end users.

false
clusters[]object
false
hostnamestring
false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
rateLimitingobject

Configuration for rate limiting requests.

false
redirectobject

Redirect allows configuring HTTP redirect.

false
tlsobject

TLS certificate info.

false

Tier1Gateway.spec.externalServers[index].authentication

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

Tier1Gateway.spec.externalServers[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Tier1Gateway.spec.externalServers[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Tier1Gateway.spec.externalServers[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Tier1Gateway.spec.externalServers[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Tier1Gateway.spec.externalServers[index].authorization

↩ Parent

Authorization is used to configure authorization of end users.

NameTypeDescriptionRequired
externalobject
false
localobject
false

Tier1Gateway.spec.externalServers[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

Tier1Gateway.spec.externalServers[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Tier1Gateway.spec.externalServers[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Tier1Gateway.spec.externalServers[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

Tier1Gateway.spec.externalServers[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

Tier1Gateway.spec.externalServers[index].clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.externalServers[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

Tier1Gateway.spec.externalServers[index].redirect

↩ Parent

Redirect allows configuring HTTP redirect.

NameTypeDescriptionRequired
authoritystring

On a redirect, overwrite the Authority/Host portion of the URL with this value.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
redirectCodeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
schemestring

On a redirect, overwrite the scheme with this one.

false
uristring

On a redirect, overwrite the Path portion of the URL with this value.

false

Tier1Gateway.spec.externalServers[index].tls

↩ Parent

TLS certificate info.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

Tier1Gateway.spec.externalServers[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

Tier1Gateway.spec.internalServers[index]

↩ Parent

NameTypeDescriptionRequired
authenticationobject
false
authorizationobject

Authorization is used to configure authorization of end user and traffic.

false
clusters[]object
false
hostnamestring
false
namestring

A name assigned to the server.

false

Tier1Gateway.spec.internalServers[index].authentication

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

Tier1Gateway.spec.internalServers[index].authentication.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Tier1Gateway.spec.internalServers[index].authentication.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Tier1Gateway.spec.internalServers[index].authentication.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Tier1Gateway.spec.internalServers[index].authentication.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

Tier1Gateway.spec.internalServers[index].authorization

↩ Parent

Authorization is used to configure authorization of end user and traffic.

NameTypeDescriptionRequired
externalobject
false
localobject
false

Tier1Gateway.spec.internalServers[index].authorization.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

Tier1Gateway.spec.internalServers[index].authorization.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

Tier1Gateway.spec.internalServers[index].authorization.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

Tier1Gateway.spec.internalServers[index].authorization.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

Tier1Gateway.spec.internalServers[index].authorization.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

Tier1Gateway.spec.internalServers[index].clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.passthroughServers[index]

↩ Parent

NameTypeDescriptionRequired
clusters[]object
false
hostnamestring
false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.passthroughServers[index].clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.tcpExternalServers[index]

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters contain ingress gateways exposing the service.

false
hostnamestring
false
namestring

A name assigned to the server.

false
portinteger

The port where the server is exposed.


Minimum: 0
Maximum: 4.294967295e+09

false
tlsobject

TLS certificate information to terminate TLS.

false

Tier1Gateway.spec.tcpExternalServers[index].clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.tcpExternalServers[index].tls

↩ Parent

TLS certificate information to terminate TLS.

NameTypeDescriptionRequired
cipherSuites[]string

List of cipher suites to be used for TLS connections.

false
filesobject
false
maxProtocolVersionenum

Set the maximum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
minProtocolVersionenum

Set the minimum supported TLS protocol version.


Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring
false
subjectAltNames[]string
false

Tier1Gateway.spec.tcpExternalServers[index].tls.files

↩ Parent

NameTypeDescriptionRequired
caCertificatesstring
false
privateKeystring
false
serverCertificatestring
false

Tier1Gateway.spec.tcpInternalServers[index]

↩ Parent

NameTypeDescriptionRequired
clusters[]object

The destination clusters contain ingress gateways exposing the service.

false
hostnamestring

The name of the service used.

false
namestring

A name assigned to the server.

false

Tier1Gateway.spec.tcpInternalServers[index].clusters[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels associated with the cluster.

false
namestring

The name of the destination cluster.

false
networkstring

The network associated with the destination clusters.

false
weightinteger

The weight for traffic to a given destination.


Minimum: 0
Maximum: 4.294967295e+09

false

Tier1Gateway.spec.waf

↩ Parent

WAF settings to be enabled for traffic passing through this Tier1 gateway.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

Tier1Gateway.spec.workloadSelector

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string
false
namespacestring

The namespace where the workload resides.

false

istiointernal.tsb.tetrate.io/v2

Resource Types:

Group

↩ Parent

NameTypeDescriptionRequired
apiVersionstringistiointernal.tsb.tetrate.io/v2true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Group.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this group.

false

Group.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Group.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this group.

NameTypeDescriptionRequired
names[]string
false

rbac.tsb.tetrate.io/v2

Resource Types:

APIAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringAPIAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

APIAccessBindings assigns permissions to users of APIs.

false
statusobject
false

APIAccessBindings.spec

↩ Parent

APIAccessBindings assigns permissions to users of APIs.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

APIAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

APIAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

AccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

AccessBindings assigns permissions to users of any TSB resource.

false
statusobject
false

AccessBindings.spec

↩ Parent

AccessBindings assigns permissions to users of any TSB resource.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false

AccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

AccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

ApplicationAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringApplicationAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

ApplicationAccessBindings assigns permissions to users of applications.

false
statusobject
false

ApplicationAccessBindings.spec

↩ Parent

ApplicationAccessBindings assigns permissions to users of applications.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

ApplicationAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

ApplicationAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

GatewayAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringGatewayAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

GatewayAccessBindings assigns permissions to users of gateway groups.

false
statusobject
false

GatewayAccessBindings.spec

↩ Parent

GatewayAccessBindings assigns permissions to users of gateway groups.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

GatewayAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

GatewayAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

IstioInternalAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringIstioInternalAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

IstioInternalAccessBindings assigns permissions to users of istio internal groups.

false
statusobject
false

IstioInternalAccessBindings.spec

↩ Parent

IstioInternalAccessBindings assigns permissions to users of istio internal groups.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

IstioInternalAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

IstioInternalAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

OrganizationAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringOrganizationAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

OrganizationAccessBindings assigns permissions to users of organizations.

false
statusobject
false

OrganizationAccessBindings.spec

↩ Parent

OrganizationAccessBindings assigns permissions to users of organizations.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

OrganizationAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

OrganizationAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

Role

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringRoletrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Role.spec

↩ Parent

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rules[]object

A set of rules that define the permissions associated with each API group.

false

Role.spec.rules[index]

↩ Parent

NameTypeDescriptionRequired
permissions[]enum

The set of actions allowed for these APIs.

false
types[]object

The set of API groups and the api Kinds within the group on which this rule is applicable.

false

Role.spec.rules[index].types[index]

↩ Parent

NameTypeDescriptionRequired
apiGroupstring

A specific API group such as traffic.tsb.tetrate.io/v2.

false
kinds[]string

Specific kinds of APIs under the API group.

false

SecurityAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringSecurityAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

SecurityAccessBindings assigns permissions to users of security groups.

false
statusobject
false

SecurityAccessBindings.spec

↩ Parent

SecurityAccessBindings assigns permissions to users of security groups.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

SecurityAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

SecurityAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

TenantAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringTenantAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

TenantAccessBindings assigns permissions to users of tenants.

false
statusobject
false

TenantAccessBindings.spec

↩ Parent

TenantAccessBindings assigns permissions to users of tenants.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

TenantAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

TenantAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

TrafficAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringTrafficAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

TrafficAccessBindings assigns permissions to users of traffic groups.

false
statusobject
false

TrafficAccessBindings.spec

↩ Parent

TrafficAccessBindings assigns permissions to users of traffic groups.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

TrafficAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

TrafficAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

WorkspaceAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringWorkspaceAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

WorkspaceAccessBindings assigns permissions to users of workspaces.

false
statusobject
false

WorkspaceAccessBindings.spec

↩ Parent

WorkspaceAccessBindings assigns permissions to users of workspaces.

NameTypeDescriptionRequired
allow[]object
false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

WorkspaceAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring
false
subjects[]object
false

WorkspaceAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

security.tsb.tetrate.io/v2

Resource Types:

Group

↩ Parent

NameTypeDescriptionRequired
apiVersionstringsecurity.tsb.tetrate.io/v2true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Group.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
configModeenum

Enum: BRIDGED, DIRECT

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this group.

false
securityDomainstring

Security domains can be used to group different resources under the same security domain.

false

Group.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Group.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this group.

NameTypeDescriptionRequired
names[]string
false

SecuritySetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringsecurity.tsb.tetrate.io/v2true
kindstringSecuritySettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

SecuritySetting.spec

↩ Parent

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

SecuritySetting.spec.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

SecuritySetting.spec.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

SecuritySetting.spec.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

SecuritySetting.spec.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

SecuritySetting.spec.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

SecuritySetting.spec.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

SecuritySetting.spec.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

SecuritySetting.spec.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

SecuritySetting.spec.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

SecuritySetting.spec.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

SecuritySetting.spec.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

SecuritySetting.spec.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

SecuritySetting.spec.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

SecuritySetting.spec.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

SecuritySetting.spec.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

SecuritySetting.spec.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

SecuritySetting.spec.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

SecuritySetting.spec.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

SecuritySetting.spec.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

SecuritySetting.spec.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

SecuritySetting.spec.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

SecuritySetting.spec.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

SecuritySetting.spec.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

SecuritySetting.spec.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

SecuritySetting.spec.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

SecuritySetting.spec.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

SecuritySetting.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

SecuritySetting.spec.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

SecuritySetting.spec.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

SecuritySetting.spec.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

SecuritySetting.spec.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

ServiceSecuritySetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringsecurity.tsb.tetrate.io/v2true
kindstringServiceSecuritySettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

ServiceSecuritySetting.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
servicestring

The service on which the configuration is being applied.

false
settingsobject

Security settings to apply to this service.

false
subsets[]object
false

ServiceSecuritySetting.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

ServiceSecuritySetting.spec.settings

↩ Parent

Security settings to apply to this service.

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

ServiceSecuritySetting.spec.settings.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

ServiceSecuritySetting.spec.settings.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

ServiceSecuritySetting.spec.settings.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

ServiceSecuritySetting.spec.settings.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

ServiceSecuritySetting.spec.settings.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

ServiceSecuritySetting.spec.settings.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

ServiceSecuritySetting.spec.settings.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

ServiceSecuritySetting.spec.settings.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

ServiceSecuritySetting.spec.settings.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

ServiceSecuritySetting.spec.settings.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

ServiceSecuritySetting.spec.settings.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

ServiceSecuritySetting.spec.settings.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

ServiceSecuritySetting.spec.settings.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

ServiceSecuritySetting.spec.settings.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

ServiceSecuritySetting.spec.settings.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

ServiceSecuritySetting.spec.settings.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

ServiceSecuritySetting.spec.settings.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

ServiceSecuritySetting.spec.settings.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceSecuritySetting.spec.settings.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

ServiceSecuritySetting.spec.subsets[index]

↩ Parent

NameTypeDescriptionRequired
namestring

Name used to refer to the subset.

false
settingsobject

Security settings to apply to this service subset.

false

ServiceSecuritySetting.spec.subsets[index].settings

↩ Parent

Security settings to apply to this service subset.

NameTypeDescriptionRequired
authenticationenum

Enum: UNSET, OPTIONAL, REQUIRED

false
authenticationSettingsobject
false
authorizationobject
false
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
extension[]object
false
fqnstring

Fully-qualified name of the resource.

false
propagationStrategyenum

Enum: REPLACE, STRICTER

false
wafobject

NOTICE: this feature is in alpha stage and under active development.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings

↩ Parent

NameTypeDescriptionRequired
httpobject
false
trafficModeenum

Enum: UNSET, OPTIONAL, REQUIRED

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http

↩ Parent

NameTypeDescriptionRequired
jwtobject

Authenticate an HTTP request from a JWT Token attached to it.

false
rulesobject

List of rules how to authenticate an HTTP request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt

↩ Parent

Authenticate an HTTP request from a JWT Token attached to it.

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt.fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt.outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules

↩ Parent

List of rules how to authenticate an HTTP request.

NameTypeDescriptionRequired
jwt[]object

List of rules how to authenticate an HTTP request from a JWT Token attached to it.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index]

↩ Parent

NameTypeDescriptionRequired
audiences[]string
false
fromHeaders[]object

This field specifies the locations to extract JWT token.

false
issuerstring

Identifies the issuer that issued the JWT.

false
jwksstring

JSON Web Key Set of public keys to validate signature of the JWT.

false
jwksUristring
false
outputClaimToHeaders[]object

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.

false
outputPayloadToHeaderstring
false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index].fromHeaders[index]

↩ Parent

NameTypeDescriptionRequired
namestring

The HTTP header name.

false
prefixstring

The prefix that should be stripped before decoding the token.

false

ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]

↩ Parent

NameTypeDescriptionRequired
claimstring

The name of the claim to be copied from.

false
headerstring

The name of the header to be created.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization

↩ Parent

NameTypeDescriptionRequired
httpobject

This is for configuring HTTP request authorization.

false
modeenum

A short cut for specifying the set of allowed callers.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES

false
rulesobject
false
serviceAccounts[]string
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http

↩ Parent

This is for configuring HTTP request authorization.

NameTypeDescriptionRequired
externalobject
false
localobject
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external

↩ Parent

NameTypeDescriptionRequired
includeRequestHeaders[]string
false
tlsobject
false
uristring
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local

↩ Parent

NameTypeDescriptionRequired
rules[]object
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index]

↩ Parent

NameTypeDescriptionRequired
from[]object
false
namestring

A friendly name to identify the binding.

false
to[]object
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].from[index]

↩ Parent

NameTypeDescriptionRequired
jwtobject

JWT configuration to identity the subject.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

NameTypeDescriptionRequired
issstring
false
othermap[string]string

A set of arbitrary claims that are required to qualify the subject.

false
substring
false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].to[index]

↩ Parent

NameTypeDescriptionRequired
methods[]string

The HTTP methods that are allowed by this rule.

false
paths[]string

The request path where the request is made against.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules

↩ Parent

NameTypeDescriptionRequired
allow[]object

Allow specifies a list of rules.

false
deny[]object

Deny specifies a list of rules.

false
denyAllboolean

Deny all specifies whether all requests should be rejected.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index]

↩ Parent

NameTypeDescriptionRequired
fromobject

From specifies the source of a request.

false
toobject

To specifies the destination of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index].from

↩ Parent

From specifies the source of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the source of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index].to

↩ Parent

To specifies the destination of a request.

NameTypeDescriptionRequired
fqnstring

The target resource identified by FQN which will be the destination of a request.

false

ServiceSecuritySetting.spec.subsets[index].settings.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

ServiceSecuritySetting.spec.subsets[index].settings.extension[index]

↩ Parent

NameTypeDescriptionRequired
configobject

Configuration parameters sent to the WASM plugin execution.

false
fqnstring

Fqn of the extension to be executed.

false
match[]object

Specifies the criteria to determine which traffic is passed to WasmExtension.

false

ServiceSecuritySetting.spec.subsets[index].settings.extension[index].match[index]

↩ Parent

NameTypeDescriptionRequired
modeenum

Criteria for selecting traffic by their direction.


Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER

false
ports[]object

Criteria for selecting traffic by their destination port.

false

ServiceSecuritySetting.spec.subsets[index].settings.extension[index].match[index].ports[index]

↩ Parent

NameTypeDescriptionRequired
numberinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceSecuritySetting.spec.subsets[index].settings.waf

↩ Parent

NOTICE: this feature is in alpha stage and under active development.

NameTypeDescriptionRequired
rules[]string

Rules to be leveraged by WAF.

false

traffic.tsb.tetrate.io/v2

Resource Types:

Group

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Group.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
configModeenum

Enum: BRIDGED, DIRECT

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this group.

false

Group.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Group.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this group.

NameTypeDescriptionRequired
names[]string
false

ServiceRoute

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringServiceRoutetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

ServiceRoute.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
httpRoutes[]object
false
portLevelSettings[]object

In order to support multi-protocol routing, a list of all port/protocol combinations is needed.

false
servicestring

The service on which the configuration is being applied.

false
stickySessionobject
false
subsets[]object
false
tcpRoutes[]object

TCPRoutes match TCP traffic based on port number.

false

ServiceRoute.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

ServiceRoute.spec.httpRoutes[index]

↩ Parent

NameTypeDescriptionRequired
destination[]object
false
match[]object
false
namestring
false

ServiceRoute.spec.httpRoutes[index].destination[index]

↩ Parent

NameTypeDescriptionRequired
destinationHoststring

Service host where traffic should be routed to.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
subsetstring
false
weightinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.httpRoutes[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object
false
namestring
false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
uriobject
false

ServiceRoute.spec.httpRoutes[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

ServiceRoute.spec.httpRoutes[index].match[index].uri

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

ServiceRoute.spec.portLevelSettings[index]

↩ Parent

NameTypeDescriptionRequired
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
stickySessionobject
false
trafficTypeenum

Enum: HTTP, TCP, TLS_PASSTHROUGH

false

ServiceRoute.spec.portLevelSettings[index].stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.portLevelSettings[index].stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.subsets[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels apply a filter over the endpoints of a service in the service registry.

false
namestring

Name used to refer to the subset.

false
portLevelSettings[]object
false
weightinteger

Percentage of traffic to be sent to this subset.


Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.subsets[index].portLevelSettings[index]

↩ Parent

NameTypeDescriptionRequired
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
stickySessionobject
false
trafficTypeenum

Enum: HTTP, TCP, TLS_PASSTHROUGH

false

ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.tcpRoutes[index]

↩ Parent

NameTypeDescriptionRequired
destination[]object
false
match[]object
false
namestring
false

ServiceRoute.spec.tcpRoutes[index].destination[index]

↩ Parent

NameTypeDescriptionRequired
destinationHoststring

Service host where traffic should be routed to.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
subsetstring
false
weightinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.tcpRoutes[index].match[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringTrafficSettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

TrafficSetting.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
egressobject
false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rateLimitingobject

Configuration for rate limiting requests.

false
reachabilityobject
false
resilienceobject
false

TrafficSetting.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

TrafficSetting.spec.egress

↩ Parent

NameTypeDescriptionRequired
hoststring

Specifies the egress gateway hostname.

false
portinteger

Deprecated.


Format: int32

false

TrafficSetting.spec.rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

TrafficSetting.spec.rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

TrafficSetting.spec.rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
headersmap[string]object
false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

TrafficSetting.spec.rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

TrafficSetting.spec.rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

TrafficSetting.spec.rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

TrafficSetting.spec.rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

TrafficSetting.spec.reachability

↩ Parent

NameTypeDescriptionRequired
hosts[]string
false
modeenum

A short cut for specifying the set of services accessed by the workload.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM

false

TrafficSetting.spec.resilience

↩ Parent

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

Enum: UNSET, LOW, MEDIUM, HIGH

false
httpRequestTimeoutstring

Timeout for HTTP requests.

false
httpRetriesobject

Retry policy for HTTP requests.

false
keepAliveobject

Keep Alive Settings.

false
tcpKeepaliveboolean

Deprecated.

false

TrafficSetting.spec.resilience.httpRetries

↩ Parent

Retry policy for HTTP requests.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

TrafficSetting.spec.resilience.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
tcpobject

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

false

TrafficSetting.spec.resilience.keepAlive.tcp

↩ Parent

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

NameTypeDescriptionRequired
downstreamobject

TCP Keep Alive Settings associated with the downstream (client) connection.

false
upstreamobject

TCP Keep Alive Settings associated with the upstream (backend) connection.

false

TrafficSetting.spec.resilience.keepAlive.tcp.downstream

↩ Parent

TCP Keep Alive Settings associated with the downstream (client) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.resilience.keepAlive.tcp.upstream

↩ Parent

TCP Keep Alive Settings associated with the upstream (backend) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false